PF+PRIQ
Milan Lysa
Milan.Lysa at progeo.cz
Thu Sep 7 08:09:15 CEST 2006
> Hi,
> I have put together the following pf configuration:
>
> scrub in all
>
> A_TCPports = "{ ssh, telnet }"
> A_UDPports = "{ ntp }"
>
> B_TCPports = "{ aol }"
> B_UDPports = "{ domain }"
>
> C_TCPports = "{ smtp, pop3, pop3s, imap, imaps, http, https }"
>
> D_TCPports = "{ ftp, ftp-data }"
>
>
> # PRIQ on interface wi0 5Mb
> altq on wi0 priq bandwidth 5Mb queue { wi0-pri-A wi0-pri-B wi0-pri-C wi0-pri-D wi0-pri-default }
> queue wi0-pri-A priority 15
> queue wi0-pri-B priority 7
> queue wi0-pri-C priority 5
> queue wi0-pri-D priority 4
> queue wi0-pri-default priority 0 priq(default)
>
> pass out on wi0 inet proto icmp from any to any icmp-type echoreq keep state queue wi0-pri-A
> pass out on wi0 proto tcp from any to any port $A_TCPports keep state queue wi0-pri-A
> pass out on wi0 proto udp from any to any port $A_UDPports keep state queue wi0-pri-A
> pass out on wi0 proto tcp from any to any port $B_TCPports keep state queue wi0-pri-B
> pass out on wi0 proto udp from any to any port $B_UDPports keep state queue wi0-pri-B
> pass out on wi0 proto tcp from any to any port $C_TCPports keep state queue wi0-pri-C
> pass out on wi0 proto tcp from any to any port $D_TCPports keep state queue wi0-pri-D
>
>
> But I can't figure out why it "doesn't work" for me. When I
> look at the queues (e.g. pfctl -sq -vvv), I see all of them,
> but data flows only through the default one, and even there
> incredibly little (on the order of bytes). All the other queues
> have a throughput of 0. It won't be the total defined bw (I also
> tried lowering it). I run it alongside IPFW (but without rules).
> I'm only just starting to play with pf, so if it's something
> silly, I don't know about it. :-)
>
> Milan
Could you put a link to the whole pf.conf up somewhere? This part looks fine.
Or an IP, login and password, so that we could take a look at it.
Milan Lysa