Date: Fri, 6 Jun 2008 14:56:06 +0100
From: RW
To: freebsd-questions@freebsd.org
Subject: Re: Queuing and Prioritization with PF
Message-ID: <20080606145606.7f5aee82@gumby.homeunix.com.>
In-Reply-To: <8d23ec860806051807p719f8ea4mfb70ed107539ecc2@mail.gmail.com>

On Thu, 5 Jun 2008 21:07:49 -0400
Schiz0 wrote:

> Hey,
>
> I have pf running as the firewall on a web and IRC box. I'd like to
> setup a bit of prioritization. I want ssh to be a higher priority than
> any other traffic. I've read up on Class Based Queuing and Priority
> Queuing. If I understand it correctly, priority queuing will transfer
> ALL packets with higher priority before ANY of the lower-priority
> packets. So if I'm transferring a file via SCP, all other traffic will
> stop until the transfer is complete? I don't want other traffic to
> stop completely, I just want ssh to have a higher priority. Should I
> use class-based then?

Possibly, but from what you have said I think you can get away with
priority queueing using TOS.

ALTQ allows you to specify two queues per rule. The first is for normal
traffic, and the second is for empty acks and packets with a "low-delay"
TOS. If you specify the same two queues for all TCP traffic then you
should get prioritization for interactive SSH, but not SCP.

Take a look at pf.conf(5) for examples.
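
The two-queue setup described in the reply above, as a pf.conf sketch. This is an added example, not part of the original message and not taken from pf.conf(5). The interface name, the bandwidth figure, the queue names and the service ports are assumptions.

```pf
# Added example; interface, bandwidth, queue names and ports are assumptions.
ext_if = "em0"                          # assumption: external interface

# Priority queueing on the uplink. The bandwidth is set a little below an
# assumed 1Mb upstream rate so the backlog forms in pf, where the priorities
# apply, and not in the modem or router.
altq on $ext_if priq bandwidth 900Kb queue { q_def, q_pri }
queue q_def priority 1 priq(default)    # normal traffic, including scp bulk data
queue q_pri priority 7                  # empty ACKs and low-delay TOS packets

block in on $ext_if all

# The same queue pair on every TCP rule: (normal queue, priority queue).
# Packets of a state are queued when they leave through $ext_if, so the
# pair on a "pass in" rule governs the server's replies.
pass in  on $ext_if proto tcp from any to ($ext_if) port { 22, 80, 6667 } \
        flags S/SA keep state queue (q_def, q_pri)
pass out on $ext_if proto tcp all flags S/SA keep state queue (q_def, q_pri)

# Non-TCP traffic has no queue assignment and lands in the default queue.
pass out on $ext_if proto { udp, icmp } all keep state
```

The ruleset can be parsed without loading it with `pfctl -nf /etc/pf.conf`, and `pfctl -vs queue` shows per-queue counters once it is loaded, which confirms that interactive ssh packets and empty ACKs are reaching q_pri. ALTQ has to be compiled into the FreeBSD kernel for the altq and queue lines to load.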