PF+PRIQ

Milan Cizek cizek.milan at seznam.cz
Wed Sep 6 21:17:45 CEST 2006


Hi,
I have set up the following pf configuration:

scrub in all

A_TCPports = "{ ssh, telnet }"
A_UDPports = "{ ntp }"

B_TCPports = "{ aol }"
B_UDPports = "{ domain }"

C_TCPports = "{ smtp, pop3, pop3s, imap, imaps, http, https }"

D_TCPports = "{ ftp, ftp-data }"


# PRIQ on interface wi0 5Mb
altq on wi0 priq bandwidth 5Mb queue { wi0-pri-A wi0-pri-B wi0-pri-C wi0-pri-D wi0-pri-default }
  queue wi0-pri-A priority 15
  queue wi0-pri-B priority 7
  queue wi0-pri-C priority 5
  queue wi0-pri-D priority 4
  queue wi0-pri-default priority 0 priq(default)

pass out on wi0 inet proto icmp from any to any icmp-type echoreq keep state queue wi0-pri-A
pass out on wi0 proto tcp from any to any port $A_TCPports keep state queue wi0-pri-A
pass out on wi0 proto udp from any to any port $A_UDPports keep state queue wi0-pri-A
pass out on wi0 proto tcp from any to any port $B_TCPports keep state queue wi0-pri-B
pass out on wi0 proto udp from any to any port $B_UDPports keep state queue wi0-pri-B
pass out on wi0 proto tcp from any to any port $C_TCPports keep state queue wi0-pri-C
pass out on wi0 proto tcp from any to any port $D_TCPports keep state queue wi0-pri-D


But I can't figure out why it "doesn't work". When I look at the queues
(e.g. pfctl -sq -vvv), I see all of them, but data flows only through the
default one, and even that is incredibly little (on the order of bytes).
All the other queues have a throughput of 0. It won't be the total defined
bandwidth (I also tried lowering it). I am running it alongside IPFW (but
without rules). I am only just starting to play with pf, so if it is
something silly, I don't know about it. :-)

Milan




