Date: Wed, 15 Nov 2006 06:37:56 +0000
From: "dll ......." <darkdll@hotmail.com>
To: <freebsd-pf@freebsd.org>
Subject: how to limit bandwidth for incoming traffic that has destination to gateway itself
Message-ID: <BAY120-W10E1354600807DED5A97F6B7EA0@phx.gbl>
With my current pf.conf I can limit bandwidth from the external to the internal network, but I can't limit bandwidth from external to the gateway (i.e. connections created by the gateway itself).

Sorry for my English.

This is my pf.conf:

# Macros
ext_if="tun0"
int_if="rl1"
std_ports="{ ftp, http, https }"
iac_ports="{ 1863, 6111:6119 }"

# Tables
table <LH> { self }
table <Ext> { !self, !$int_if:network, 0.0.0.0/0 }

# Options
set skip on lo0
set limit states 30000
set optimization normal

# Normalization
scrub all reassemble tcp

# Queueing: outbound on the external interface
altq on $ext_if cbq bandwidth 512Kb queue { ack_out, dns_out, iac_out, std_out, p2p_out }
queue ack_out bandwidth 10% priority 7 cbq(borrow)
queue dns_out bandwidth 10% priority 5 cbq(borrow)
queue iac_out bandwidth 20% priority 3 cbq(borrow)
queue std_out bandwidth 40% priority 2 cbq(borrow)
queue p2p_out bandwidth 20% priority 0 cbq(default, borrow)

# Queueing: on the internal interface
altq on $int_if cbq bandwidth 100Mb queue { loc_in, ext_in }
queue loc_in bandwidth 99Mb priority 5 cbq(borrow)
queue ext_in bandwidth 1Mb priority 1 { iac_in, std_in, p2p_in }
queue iac_in bandwidth 20% priority 5 cbq(borrow)
queue std_in bandwidth 50% priority 3 cbq(borrow)
queue p2p_in bandwidth 30% priority 0 cbq(default, rio, borrow)

# Translation
nat on $ext_if from $int_if:network to <Ext> tag INT_NAT -> ($ext_if)

# Filtering
block log all
antispoof quick for $int_if

pass in on $int_if from $int_if:network to <Ext> flags S/SAFR keep state queue p2p_in
pass in on $int_if proto tcp from $int_if:network to <Ext> port $std_ports flags S/SAFR keep state queue std_in
pass in on $int_if proto tcp from $int_if:network to <Ext> port $iac_ports flags S/SAFR keep state queue iac_in

pass out on $ext_if from <LH> to <Ext> flags S/SAFR modulate state queue(p2p_out, ack_out)
pass out on $ext_if proto tcp from <LH> to <Ext> port $std_ports flags S/SAFR modulate state queue(std_out, ack_out)
pass out on $ext_if proto tcp from <LH> to <Ext> port ssh flags S/SAFR modulate state queue(std_out, iac_out)
pass out on $ext_if proto tcp from <LH> to <Ext> port $iac_ports flags S/SAFR modulate state queue(iac_out, ack_out)

Is there something wrong with this pf.conf?

Help me please.

Thanks,
dll