From owner-freebsd-questions@FreeBSD.ORG  Thu Nov  9 23:32:50 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id AA91D16A416
	for <freebsd-questions@freebsd.org>;
	Thu,  9 Nov 2006 23:32:50 +0000 (UTC)
	(envelope-from mksmith@adhost.com)
Received: from mail-in07.adhost.com (mail-in08.adhost.com [216.211.128.141])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 6A63943D46
	for <freebsd-questions@freebsd.org>;
	Thu,  9 Nov 2006 23:32:50 +0000 (GMT)
	(envelope-from mksmith@adhost.com)
Received: from ad-exh01.adhost.lan (unknown [216.211.143.69])
	by mail-in07.adhost.com (Postfix) with ESMTP id D3F901B50BA;
	Thu,  9 Nov 2006 15:32:49 -0800 (PST)
	(envelope-from mksmith@adhost.com)
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Thu, 9 Nov 2006 15:32:37 -0800
Message-ID: <17838240D9A5544AAA5FF95F8D520316014A7F4D@ad-exh01.adhost.lan>
In-Reply-To: <70e8236f0611091236u7cb5be24n32cbfa947ce02086@mail.gmail.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: access-lists and QoS implementation
Thread-Index: AccEQOlJSriHWeovTVaEawS6oEWjOwAFijvg
From: "Michael K. Smith - Adhost" <mksmith@adhost.com>
To: "Joao Barros" <joao.barros@gmail.com>,
	"Bill Moran" <wmoran@collaborativefusion.com>
Cc: Mark <cvrider@yahoo.com>, freebsd-questions@freebsd.org
Subject: RE: access-lists and QoS implementation
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Nov 2006 23:32:50 -0000

Hello:

-----Original Message-----
From: owner-freebsd-questions@freebsd.org
[mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Joao Barros
Sent: Thursday, November 09, 2006 12:36 PM
To: Bill Moran
Cc: Mark; freebsd-questions@freebsd.org
Subject: Re: access-lists and QoS implementation

On 11/9/06, Bill Moran <wmoran@collaborativefusion.com> wrote:
> In response to Mark <cvrider@yahoo.com>:
>
> > I would like to use my FreeBSD box as an ip router,
> > yet it lacks some functionality seen in Cisco boxes. I
> > am looking for a way to create access lists and also
> > do QoS such as LLQ, priority queing, etc. How can this
> > be accomplished in FreeBSD? Also, is there a FreeBSD
> > implementation of NBAR to classify traffic based on
> > higher layer packet information? For example, I would
> > like to allocate 20% bandwidth on an egress interface
> > to traffic matching an ACL or a certain protocol.
>
> Have a look at pf.  I believe it will do everything you need.

> pf doesn't support layer 7 protocol inspection. For that take a look
> at ng_tag which lives in CURRENT.

If you want to match on an ACL (Layer 3) or Protocol (Layer 4) then you
can use PF with AltQ for the actual classification and prioritization.

Mike