Date:      Fri, 25 Jul 2008 09:23:36 +0200
From:      "Rudi Kramer - MWEB" <rkramer@mweb.com>
To:        <freebsd-pf@freebsd.org>
Subject:   PF+ALTQ+PRIQ
Message-ID:  <39DC135F7F0571489196E0B6F5D58B4A03B45F35@MWBEXCH.mweb.com>
References:  <d39744a20807231025w42fc4a99ha1e99be5fd5c76b0@mail.gmail.com><48876DAD.9080100@optiksecurite.com><d39744a20807231127u11df822rc2022a70b1a1af3e@mail.gmail.com><d39744a20807231128j6641996i95ee8fec03053b6e@mail.gmail.com><488780A6.4010807@radel.com><d39744a20807231221u11709fd0n434f05e57259375c@mail.gmail.com><48879B35.1060905@gibfest.dk><d39744a20807240557g2ceae355ka21e852d10ccc050@mail.gmail.com> <488889EA.8000306@optiksecurite.com>

Hello,

I wanted to play around with ALTQ and PRIQ queuing and I came up with
the following pf config.

My goal was to have TCP ACKs that have no payload having the highest
priority and then cod, dns, ssh in their own queues and everything else
falling into the default queue.


##################################################

#Macros
ext_if = "tun0"
cod_ports = "{28960:29000}"

##Tables
table <priv_net> { 192.168.0.0/24 }

##Options

##Normalization
scrub in all

##Queueing
altq on $ext_if priq bandwidth 400Kb queue { q_pri, q_def, q_cod, q_domain, q_ssh }

queue q_pri priority 10
queue q_cod priority 9
queue q_domain priority 8
queue q_ssh priority 7
queue q_def priority 1 priq(default)

#default to deny
block in log all

#allow loopback
pass quick on lo0 all

#Setup PRIQ Rules
pass out on $ext_if proto tcp from ($ext_if) to any queue (q_pri, q_def)
pass in  on $ext_if proto tcp from any to ($ext_if) queue (q_pri, q_def)

pass out quick on $ext_if proto udp from ($ext_if) to any port $cod_ports queue q_cod
pass in  quick on $ext_if proto udp from any to ($ext_if) port $cod_ports queue q_cod

pass out quick on $ext_if proto udp from ($ext_if) to any port domain queue q_domain
pass in  quick on $ext_if proto udp from any to ($ext_if) port domain queue q_domain

pass out quick on $ext_if proto tcp from ($ext_if) to any port ssh queue q_ssh
pass in  quick on $ext_if proto tcp from any to ($ext_if) port ssh queue q_ssh

#allow from fw to ext
pass out quick log on $ext_if proto tcp all
pass out quick log on $ext_if proto { udp, icmp } all

#allow from internal network out
pass quick log on $int_if proto tcp from <priv_net> to any
pass quick log on $int_if proto {udp, icmp } from <priv_net> to any

#########################################

As far as I can see it is working but I was hoping to get some input
from the list.

Thanks
Rudi
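
Added example, not part of the original message: a simplified Python model of pf rule selection (last match wins, `quick` stops evaluation) run over the posted ruleset, showing which queue the state-creating packet is assigned to. Per pf.conf(5), in `queue (a, b)` the second queue receives empty TCP ACKs and lowdelay-TOS packets; address matching is omitted, and `classify`, `RULES` and the sample packets are constructed for this illustration.

```python
# Simplified model of pf rule selection for the state-creating packet:
# last matching rule wins; a matching "quick" rule ends evaluation.
# Assumption: address matching is left out, packets are to/from tun0's address.
COD, DNS, SSH = range(28960, 29001), range(53, 54), range(22, 23)

# (action, direction, interface, protocols, dest ports, quick, queue spec)
# Transcribed in order from the posted ruleset; the $int_if rules are left
# out because that macro is not defined in the message.
RULES = [
    ("block", "in",  None,   None,            None, False, None),
    ("pass",  None,  "lo0",  None,            None, True,  None),
    ("pass",  "out", "tun0", {"tcp"},         None, False, ("q_pri", "q_def")),
    ("pass",  "in",  "tun0", {"tcp"},         None, False, ("q_pri", "q_def")),
    ("pass",  "out", "tun0", {"udp"},         COD,  True,  ("q_cod",)),
    ("pass",  "in",  "tun0", {"udp"},         COD,  True,  ("q_cod",)),
    ("pass",  "out", "tun0", {"udp"},         DNS,  True,  ("q_domain",)),
    ("pass",  "in",  "tun0", {"udp"},         DNS,  True,  ("q_domain",)),
    ("pass",  "out", "tun0", {"tcp"},         SSH,  True,  ("q_ssh",)),
    ("pass",  "in",  "tun0", {"tcp"},         SSH,  True,  ("q_ssh",)),
    ("pass",  "out", "tun0", {"tcp"},         None, True,  None),
    ("pass",  "out", "tun0", {"udp", "icmp"}, None, True,  None),
]
DEFAULT_QUEUE = "q_def"  # the queue declared priq(default)


def classify(direction, iface, proto, dport=None, empty_ack=False):
    """Return (action, queue, index of the deciding rule)."""
    action, spec, idx = "pass", None, None   # pf passes when no rule matches
    for i, (act, rdir, rif, protos, dports, quick, qspec) in enumerate(RULES):
        if rdir not in (None, direction) or rif not in (None, iface):
            continue
        if protos is not None and proto not in protos:
            continue
        if dports is not None and dport not in dports:
            continue
        action, spec, idx = act, qspec, i
        if quick:
            break
    if action == "block":
        return action, None, idx
    if spec is None:
        return action, DEFAULT_QUEUE, idx
    # queue (a, b): b takes empty TCP ACKs and lowdelay-TOS packets, a the rest
    return action, spec[-1] if empty_ack else spec[0], idx


if __name__ == "__main__":
    for pkt in [("out", "tun0", "tcp", 80), ("in", "tun0", "tcp", 80),
                ("out", "tun0", "udp", 28960), ("in", "tun0", "udp", 123)]:
        for ack in (False, True):
            print(pkt, "empty_ack" if ack else "data", classify(*pkt, empty_ack=ack))
```

In this model, outbound TCP other than ssh is decided by the later `pass out quick log on $ext_if proto tcp all`, which names no queue, so it falls to the default queue. With the pair written as `(q_pri, q_def)`, empty ACKs on inbound-initiated TCP land in `q_def` and data packets in `q_pri`.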



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?39DC135F7F0571489196E0B6F5D58B4A03B45F35>