From owner-freebsd-questions@FreeBSD.ORG Thu Mar 27 22:29:36 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E56761065670 for ; Thu, 27 Mar 2008 22:29:36 +0000 (UTC) (envelope-from joeryan3@gmail.com) Received: from wf-out-1314.google.com (wf-out-1314.google.com [209.85.200.169]) by mx1.freebsd.org (Postfix) with ESMTP id BC5FF8FC17 for ; Thu, 27 Mar 2008 22:29:36 +0000 (UTC) (envelope-from joeryan3@gmail.com) Received: by wf-out-1314.google.com with SMTP id 25so4064495wfa.7 for ; Thu, 27 Mar 2008 15:29:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type; bh=HFhLQea8sjkRtl/fLbzuDSPSrxQtb0y+2/fMzaMGiH8=; b=o8+h0bcBDcTdM6VDRDGWWsGjNyPkCU3/A3DbZ4CYbhIwvujOz4IWFVtg8rZCFpiyx9XES130Qq4i4YdwaKFn4lDlc++frTSbvtXofs35poOrRFpiRkIPVvN0wei0A8SGHnVpv3wiOJkkA0H9nYfkvSQhRxQ+EvFYoKa5JyrnFSs= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=message-id:date:from:to:subject:mime-version:content-type; b=bzKXP0j5XSxj4yk6WcOgMx9WjpbkhKehFihoorxIvXQ5mQW3D4rhjoi7F4mjvmlZuaVBdKDyM4v70yygIHytx4h64X6dHLkBGG1AZ6GVx6tPaasWCYkXbuID83QiyPRcDPZ4NxL8yzKLK/G5cx6TZoasUIIshI3uX6ButS0n4kg= Received: by 10.142.47.6 with SMTP id u6mr1935022wfu.29.1206656975726; Thu, 27 Mar 2008 15:29:35 -0700 (PDT) Received: by 10.142.180.9 with HTTP; Thu, 27 Mar 2008 15:29:35 -0700 (PDT) Message-ID: <32e5d9700803271529n5f2c6bcejdf6fc24e4f084275@mail.gmail.com> Date: Thu, 27 Mar 2008 18:29:35 -0400 From: "Joe Ryan" To: freebsd-questions@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: Limiting Individual User Upload w/ PF+ALTQ X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Mar 2008 22:29:37 -0000 I am trying to setup traffic shaping on our network. I was wondering if it was possible to limit a users download bandwidth and upload bandwidth within the same state connection. For example, say a user connects to an external FTP site and does some uploading and downloading. Can I allow him to download at 1Mb but limit his upload to 500Kb? As I understand the packet filtering of PF, the first packet creates a state and the rest are then ignored by the filtering software. If this is true, the users first packet will be inbound on the internal interface which will be queued for download speed. This makes sense to me when you want to queue the entire connection but how do I then do a separate queue on the traffic coming back? I am using 7.0 STABLE. Thanks in advance, Joe