Date: Fri, 24 Apr 2015 10:45:08 +1000 From: Olaf de Bree <odebree@gmail.com> To: freebsd-pf@freebsd.org Subject: pf state tracking?? Message-ID: <CAAVr=y7NTJPsTT0xQVMuiNMn2jn6c7noTvsFvpKPvAFJpMd59w@mail.gmail.com>
index | next in thread | raw e-mail
Hi all,
I'm hoping someone can help me with an issue i have with pf and tos
matching.
I wish to assign tos marked reply packets to an altq queue but i find that
when using the keep state option on a rule reply traffic is not inspected
and queued correctly because pf has a state for the request.
queuing should be performed out bound on the inside INT
EG
Client ----NO TOS----> Inside INT (PF) Outside INT
------------------------->Internet
<-------------------------------TOS
MARKED---------------------------------
It works correctly when using no state but i would like to keep state so i
may also use dummy net pipes at patch from the pfsense project
Working
pass out on em0 inet from any to <beam50143> tos 0x60 no state label
"USER_RULE: Normal Beam 501 CVC 43" queue q50143n
Not working
pass out on em0 inet from any to <beam50143> tos 0x60 keep state label
"USER_RULE: Normal Beam 501 CVC 43" queue q50143n
Is there any way to override PF's behaviour to inspect the reply traffic
and classify it correctly
Thanks in advance
Olaf
home |
help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAAVr=y7NTJPsTT0xQVMuiNMn2jn6c7noTvsFvpKPvAFJpMd59w>