From owner-freebsd-pf@FreeBSD.ORG Wed Jul 23 13:27:58 2008 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9C5F9106564A for ; Wed, 23 Jul 2008 13:27:58 +0000 (UTC) (envelope-from weaseal@gmail.com) Received: from rv-out-0506.google.com (rv-out-0506.google.com [209.85.198.231]) by mx1.freebsd.org (Postfix) with ESMTP id 843C88FC08 for ; Wed, 23 Jul 2008 13:27:58 +0000 (UTC) (envelope-from weaseal@gmail.com) Received: by rv-out-0506.google.com with SMTP id b25so2856758rvf.43 for ; Wed, 23 Jul 2008 06:27:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:mime-version:content-type; bh=ooOmFPJCpA59oHleEg9JrbC0thlSUskF5HmMjmuB/30=; b=SRnCz3/EL4+tWhtwo2i+fx76u+m2j/Ii2uxGXaxrfGBzhUVWj/4uaGiDv7S6y1WC0F L43vP13hzJQsoGLOr1Y2daAFMEIEDW0vZODoZRSdx8wFVFmRzFk+Y5lXB8r8nBriD8JP 3uvwHWkY2tdInJ7by+2mBQFVDdK9hmmqy35Fg= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:mime-version:content-type; b=b/O6thyXnnKQpO8BL5aAfU9VOU/DHsNnxyy6h78AlJconPc1qW5c4CTo0egyKFykH1 5iBqzTPISEgjCkVU4mGYcTsuyMx3LRCNkSqyt0ExGXzvg3JKjB60ViLKvPR7S5nQqitI M5vDcem0X1s9a4JkwT56JCNwD710eTB1rJhHk= Received: by 10.140.133.9 with SMTP id g9mr47583rvd.235.1216818228076; Wed, 23 Jul 2008 06:03:48 -0700 (PDT) Received: by 10.140.170.2 with HTTP; Wed, 23 Jul 2008 06:03:48 -0700 (PDT) Message-ID: <8dfae1c10807230603o1060aa69jc9ccf2e4bc66f275@mail.gmail.com> Date: Wed, 23 Jul 2008 16:03:48 +0300 From: "Walter Venable" To: freebsd-pf@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: Limiting client bandwidth with PF X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Jul 2008 13:27:58 -0000 Hi all, I'm having some trouble getting pf to do what I want. I'm a newbie to pf, so I can't get my configuration quite right. We have a 3Mb/1Mb connection and I want to limit my clients each to 128Kbps/64Kbps. First things first, limit them to 128Kbps, but that isn't even working, as clients are still maxing at 3Mbps: $ cat /etc/pf.conf int_if="rl0" ext_if="nfe0" int_net="192.168.2.0/24" altq on $ext_if hfsc bandwidth 3Mb queue { clients } queue clients bandwidth 128Kb hfsc ( default rio ) pass in quick log on $int_if proto tcp from $int_net to any \ flags S/SA keep state queue clients $ sudo pfctl -sq queue root_nfe0 on nfe0 bandwidth 3Mb priority 0 {clients} queue clients on nfe0 bandwidth 128Kb hfsc( rio default ) Can anyone say why this isn't working? More info about the network if you need it: Internet -- Router (192.168.1.1) -- (nfe0 @ 192.168.1.200 ) FreeBSD Gateway (rl0 @ 192.168.2.1) -- switch -- Clients (192.168.2.0/24)