
help with pf - FreeBSD


  1. #1

    help with pf

    Hello,
    I read the manpage on pf and constructed a basic set of rules and
    macros. However, when I start pf it gives me errors about the syntax of
    my file. Basically all I want to accomplish is I don't want my p2p
    programs to be able to hog the traffic away from me if I'm trying to
    surf. When I'm not surfing I want them to be able to download as fast
    as possible.

    Here is what I have added to pf.conf:
    ext_if="vr0"

    <further down>

    altq on $ext_if priq
    queue mail priority 13
    queue ssh priority 12
    queue web priority 14

    <further down>

    pass in proto tcp from any to port http keep state queue web
    pass in proto tcp from any to port ssh keep state queue ssh
    pass in proto tcp from any to port {smtp imap} queue mail


    Does anyone know what I might have done wrong? I thought that I had it
    correct based on the manpage. I'm sure it's something really stupid
    that I missed.

    Thanks in advance for the help

    /Brian
    Brian Guest

  2. #2

    RE: help with pf


    Brian John wrote:
     

    Read http://www.openbsd.org/faq/pf/queueing.html. There are
    good examples.

    Regards Björn

    Björn Guest

  3. #3

    Re: help with pf

    On Sun, 3 Apr 2005, Brian John wrote:
     

    I see one syntactical thing you missed.
    You have to define your child queues in your altq declaration. Something
    like:
    altq on $ext_if priq queue {mail, ssh, web}

    Also, after you get the syntax right, unless the maximum bandwidth of your
    outside line is the same as the maximum bandwidth of your network card
    (does this ever happen?) you're going to want to use the "bandwidth"
    keyword in that declaration also, and pick a proper value for it. Picking
    the right bandwidth value seems to be an art form that requires a lot of
    trial and error and liberal use of "pfctl -vvs queue".

    If traffic shaping isn't working and your queues are always empty, then
    the number is too high. If the queues are filling up and dropping too
    many packets, then either the number is too low or you're just generating
    more traffic than you can handle well.

    Luke Dean
    LukeD@pobox.com Guest
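
The corrections from reply #3 applied to the fragment in post #1, as an added example that is not part of the original thread. The 512Kb bandwidth figure and the `bulk` default queue are assumptions made for illustration: priq needs exactly one queue marked default, and traffic no rule assigns to a queue (the p2p programs here) lands in it.

```conf
# pf.conf fragment (added example; not the poster's final file)

ext_if = "vr0"

# --- queueing ---------------------------------------------------------
# Before (post #1): no child queue list and no bandwidth, so the
# "queue" lines that follow have no parent to attach to.
#   altq on $ext_if priq
#
# After: list the child queues in the altq declaration and set
# "bandwidth" below the real uplink speed so packets queue here and not
# in the modem. 512Kb is a constructed placeholder; tune it while
# watching "pfctl -vvs queue".
altq on $ext_if priq bandwidth 512Kb queue { web, mail, ssh, bulk }

# priq priorities run 0-15; a higher number is served first.
queue web  priority 14
queue mail priority 13
queue ssh  priority 12
# Assumed catch-all queue. Anything not matched by a "queue" keyword
# below, including p2p traffic, ends up here at the lowest priority and
# only gets bandwidth the other queues are not using.
queue bulk priority 1 priq(default)

# --- filter rules -----------------------------------------------------
# altq schedules packets leaving $ext_if. With "keep state" the queue
# assignment follows the whole connection, so the replies this host
# sends out $ext_if are placed in the named queue.
pass in on $ext_if proto tcp from any to port http          keep state queue web
pass in on $ext_if proto tcp from any to port ssh           keep state queue ssh
# The mail rule in post #1 had no "keep state"; added here so the
# replies are queued the same way as for the other two rules.
pass in on $ext_if proto tcp from any to port { smtp imap } keep state queue mail
```

Running `pfctl -nf /etc/pf.conf` parses the file and reports syntax errors without loading the ruleset, which is the safer first step on a remote machine.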
