From owner-freebsd-pf@FreeBSD.ORG Sat May 19 09:53:43 2007 Return-Path: X-Original-To: freebsd-pf@freebsd.org Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id E0A2716A402 for ; Sat, 19 May 2007 09:53:43 +0000 (UTC) (envelope-from volker@vwsoft.com) Received: from frontmail.ipactive.de (frontmail.maindns.de [85.214.95.103]) by mx1.freebsd.org (Postfix) with ESMTP id A1D2513C489 for ; Sat, 19 May 2007 09:53:43 +0000 (UTC) (envelope-from volker@vwsoft.com) Received: from mail.vtec.ipme.de (Q7d12.q.ppp-pool.de [89.53.125.18]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by frontmail.ipactive.de (Postfix) with ESMTP id B7CA1128829 for ; Sat, 19 May 2007 11:53:35 +0200 (CEST) Received: from cesar.sz.vwsoft.com (cesar.sz.vwsoft.com [192.168.16.3]) by mail.vtec.ipme.de (Postfix) with ESMTP id 638233FA07; Sat, 19 May 2007 11:53:02 +0200 (CEST) Message-ID: <464EC8FF.9010207@vwsoft.com> Date: Sat, 19 May 2007 11:53:03 +0200 From: Volker User-Agent: Thunderbird 2.0.0.0 (X11/20070420) MIME-Version: 1.0 To: Umar References: <10678120.post@talk.nabble.com> <464D70D0.3000608@vwsoft.com> <10679395.post@talk.nabble.com> <464D8AE8.30103@vwsoft.com> <10680560.post@talk.nabble.com> <464D9357.6090505@vwsoft.com> <10680832.post@talk.nabble.com> <464D9B78.1010700@vwsoft.com> <10681289.post@talk.nabble.com> <464DA3B5.9050606@vwsoft.com> <10689606.post@talk.nabble.com> In-Reply-To: <10689606.post@talk.nabble.com> X-Enigmail-Version: 0.95.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-VWSoft-MailScanner: Found to be clean X-MailScanner-From: volker@vwsoft.com X-ipactive-MailScanner-Information: Please contact the ISP for more information X-ipactive-MailScanner: Found to be clean X-ipactive-MailScanner-From: volker@vwsoft.com Cc: freebsd-pf@freebsd.org Subject: Re: bandwidth controlling with ALTQ X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 19 May 2007 09:53:44 -0000 On 05/18/07 22:17, Umar wrote: > Dear Volker! > > Thanks its working fine. > > (pass in quick log on $int_if proto tcp from 192.168.3.30 to any flags > S/SA keep state queue client1) > > what will be the syntax if 192.168.3.30 comes through ppp means I have > configured PPPoE server so i dont know the interface of 192.168.3.30 because > the tun interface randomly changed e.g (tun1, tun2, tun3, tun4) etc. > Umar, if I get you right, you don't know whether 192.168.3.30 is connected by tun0, tun1, tunN or ppp0, ppp1, pppN. You may (at any time with any interface) use the 'interface group'. For example: pass in on tun all keep state ^^^^ would let pass all packets in from all tun interfaces. Please note the missing device number (tun but not tun0). I'm using it like that for clients connecting by PPTP from the outside. As I don't know how many clients will connect by PPTP at any time, I'm passing all their traffic by using the interface group. HTH Volker