Message-ID: <13046989.post@talk.nabble.com>
Date: Thu, 4 Oct 2007 12:19:24 -0700 (PDT)
From: Umar
To: freebsd-pf@freebsd.org
Subject: altq within anchor

Dear members!

I want to include an altq anchor within my pf.conf, but I got an error.

Here is the altqrule file, /home/anchor-altq:

altq on fxp0 bandwidth 100Mb cbq queue { default, ip4, ip5, ip6, ip7 }
queue default bandwidth 90Mb cbq (default)
queue ip bandwidth 90Kb
queue ip5 bandwidth 90Kb
queue ip6 bandwidth 90Kb
queue ip7 bandwidth 90Kb
anchor altqrules

Here is my /etc/pf.conf file:

<-------snip-------->
int_if = "fxp0"
ext_if = "rl0"
lan_net = "192.168.1.0/24"

# Options: tune the behavior of pf, default values are given.
set timeout { interval 10, frag 30 }
set timeout { tcp.first 120, tcp.opening 30, tcp.established 86400 }
set timeout { tcp.closing 900, tcp.finwait 45, tcp.closed 90 }
set timeout { udp.first 60, udp.single 30, udp.multiple 60 }
set timeout { icmp.first 20, icmp.error 10 }
set timeout { other.first 60, other.single 30, other.multiple 60 }
set timeout { adaptive.start 0, adaptive.end 0 }
set limit { states 10000, frags 5000 }
set loginterface none
set optimization normal
set block-policy drop
set require-order yes
set fingerprints "/etc/pf.os"

# Normalization: reassemble fragments and resolve or reduce traffic ambiguities.
scrub in all

# Bandwidth Shaping
anchor altqrules
load anchor altqrules from "/home/anchor-altq"

# Translation: specify how addresses are to be mapped or redirected.
nat on $ext_if from { $lan_net } to any -> ($ext_if)

pass in quick on lo0 all
pass in quick on $int_if from $lan_net to any keep state
pass out on $int_if from any to any keep state
pass out on $ext_if from any to any keep state

# default deny
block in log on $ext_if
<-------snip-------->

But when I reload my pf, I got the error:

Reloading pf rules.
/etc/pf.conf:36: Rules must be in order: options, normalization, queueing, translation, filtering
/etc/pf.conf:37: Rules must be in order: options, normalization, queueing, translation, filtering
/etc/pf.conf:38: Rules must be in order: options, normalization, queueing, translation, filtering
/etc/pf.conf:39: Rules must be in order: options, normalization, queueing, translation, filtering

Please help, what should I do?

Regards,
Umar Draz
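
The ordering rule quoted in the error message above, as an added example that is not part of the original post: a small Python checker that classifies each pf.conf statement by its leading keyword and reports statements that appear after a later section has already begun. The keyword-to-section mapping (including treating a plain `anchor` as a filtering statement and not order-checking `load anchor`) is an assumption based on pf.conf(5), and the sample config is constructed and shortened from the statements in the post, so its line numbers do not correspond to the reported ones.

```python
# Section order as quoted in the pfctl error message in the post.
ORDER = ["options", "normalization", "queueing", "translation", "filtering"]

# Assumption (from pf.conf(5), not from the post): leading keyword -> section.
# A plain "anchor" is assumed to count as a filtering statement.
KEYWORDS = {
    "set": "options",
    "scrub": "normalization",
    "altq": "queueing", "queue": "queueing",
    "nat": "translation", "rdr": "translation", "binat": "translation",
    "nat-anchor": "translation", "rdr-anchor": "translation",
    "binat-anchor": "translation",
    "pass": "filtering", "block": "filtering",
    "antispoof": "filtering", "anchor": "filtering",
}

def classify(line):
    """Return the section of one statement, or None if it is not order-checked."""
    words = line.split("#", 1)[0].split()
    # Blank lines, comments, macros, tables and "load anchor" fall through here.
    return KEYWORDS.get(words[0]) if words else None

def check_order(conf):
    """List (lineno, section, section_already_reached) for misplaced statements."""
    violations, reached = [], 0
    for lineno, line in enumerate(conf.splitlines(), 1):
        section = classify(line)
        if section is None:
            continue
        idx = ORDER.index(section)
        if idx < reached:
            violations.append((lineno, section, ORDER[reached]))
        else:
            reached = idx
    return violations

# Constructed sample, shortened from the statements in the post.
SAMPLE = """\
ext_if = "rl0"
set block-policy drop
scrub in all
anchor altqrules
load anchor altqrules from "/home/anchor-altq"
nat on $ext_if from 192.168.1.0/24 to any -> ($ext_if)
pass out on $ext_if from any to any keep state
block in log on $ext_if
"""

if __name__ == "__main__":
    for lineno, section, reached in check_order(SAMPLE):
        print(f"line {lineno}: {section} statement after {reached} began")
```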