From: gus
Date: Mon, 29 May 2006 19:10:00 -0300
To: "Peter N. M. Hansteen"
Cc: freebsd-pf@freebsd.org
Subject: Re: pf configuration de Argentina

Peter,

Thanks very much for the link.

Here is my new pf.conf file:
==================================================
ext_if="xl0"    # replace with actual external interface name i.e., dc0
internal_net="168.96.200.0/24"

table { 168.96.200.9, 168.96.200.8, 168.96.200.54, 168.96.200.196 }
table { 168.96.200.57, 168.96.200.87, 168.96.200.36 }

altq on $ext_if cbq bandwidth 1Mb queue { def, ftp, udp, http, ssh, \
    icmp, lan, badboys }
queue def bandwidth 15% cbq (default borrow red)
queue ftp bandwidth 15% cbq (borrow red)
queue udp bandwidth 38% cbq (borrow red)
queue http bandwidth 10% cbq (borrow red)
#queue ssh bandwidth 20% cbq (borrow red) { ssh_interactive, ssh_bulk }
#queue ssh_interactive priority 7
#queue ssh_bulk priority 0
queue icmp bandwidth 2% cbq
queue lan bandwidth 10% priority 4 cbq (borrow red)
queue badboys bandwidth 10% priority 4 cbq (borrow red)

#pass log quick on $ext_if proto tcp from any to any port 22 flags S/SA \
    keep state queue (ssh_bulk, ssh_interactive)
pass in quick on $ext_if proto tcp from any to any port 20 flags S/SA \
    keep state queue ftp
pass in quick on $ext_if proto tcp from any to any port 80 flags S/SA \
    keep state queue http
pass out on $ext_if proto udp all keep state queue udp
pass out on $ext_if proto icmp all keep state queue icmp
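
Added example, not part of the original message: a small Python check that cross-references the altq child list, the queue definitions and the queue assignments in the rules of the configuration above. PF_CONF is a sample constructed from the posted lines and lint_queues is a hypothetical helper; it assumes a flat queue hierarchy and that a backslash continuation inside a comment continues the comment.

```python
import re

# Constructed sample: the altq, queue and pass lines of the pf.conf posted above.
PF_CONF = r"""
altq on $ext_if cbq bandwidth 1Mb queue { def, ftp, udp, http, ssh, \
    icmp, lan, badboys }
queue def bandwidth 15% cbq (default borrow red)
queue ftp bandwidth 15% cbq (borrow red)
queue udp bandwidth 38% cbq (borrow red)
queue http bandwidth 10% cbq (borrow red)
#queue ssh bandwidth 20% cbq (borrow red) { ssh_interactive, ssh_bulk }
queue icmp bandwidth 2% cbq
queue lan bandwidth 10% priority 4 cbq (borrow red)
queue badboys bandwidth 10% priority 4 cbq (borrow red)
#pass log quick on $ext_if proto tcp from any to any port 22 flags S/SA \
    keep state queue (ssh_bulk, ssh_interactive)
pass in quick on $ext_if proto tcp from any to any port 20 flags S/SA \
    keep state queue ftp
pass in quick on $ext_if proto tcp from any to any port 80 flags S/SA \
    keep state queue http
pass out on $ext_if proto udp all keep state queue udp
pass out on $ext_if proto icmp all keep state queue icmp
"""

def lint_queues(text):
    """Cross-check altq child lists, queue definitions and rule assignments."""
    text = re.sub(r"\\\n", " ", text)  # join "\" continuations first, so that a
    text = re.sub(r"#.*", "", text)    # commented-out continued rule stays dead
    declared, defined, used, exempt, pct = set(), set(), set(), set(), 0
    for line in filter(None, map(str.strip, text.splitlines())):
        m = re.search(r"\{([^}]*)\}", line)
        kids = set(re.findall(r"\w+", m.group(1))) if m else set()
        if line.startswith("altq "):
            declared |= kids
        elif line.startswith("queue "):
            name = line.split()[1]
            defined.add(name)
            declared |= kids
            # Flat-hierarchy assumption: every percentage is a share of the root.
            pct += sum(map(int, re.findall(r"bandwidth\s+(\d+)%", line)))
            if kids or re.search(r"\bdefault\b", line):
                exempt.add(name)  # parent or default queue needs no rule
        else:
            for m in re.finditer(r"\bqueue\s+(?:\(([^)]*)\)|(\w+))", line):
                used.update(re.findall(r"\w+", m.group(1) or m.group(2) or ""))
    return {"declared_not_defined": sorted(declared - defined),
            "assigned_not_defined": sorted(used - defined),
            "defined_not_assigned": sorted(defined - used - exempt),
            "percent_total": pct}
```

On the lines above it reports ssh as listed under altq without a definition, lan and badboys as defined but not assigned by any rule, and a bandwidth total of 100%.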