From: Nils Vogels
To: Josh Finlay
Cc: freebsd-pf@freebsd.org
Subject: Re: ALTQ bandwidth limiting only from internet IPs
Date: Sat, 26 Nov 2005 01:26:32 +0100
Message-ID: <4387ABB8.6010406@yuckfou.org>
In-Reply-To: <000c01c5f20b$d19e4620$0600a8c0@delta>

Josh Finlay wrote:
> pass out on $ExtIF from $Delta to any keep state queue q_delta_out
> pass out on $ExtIF from $Fear to any keep state queue q_fear_out
> pass out on $IntIF from $Delta to any keep state queue q_delta_in
> pass out on $IntIF from $Fear to any keep state queue q_fear_in
>
> This config seems to work quite well
> but it's also queueing local traffic as well
> so if I'm uploading from "Delta" to somewhere on the internet, my
> local ssh sessions (to the machine running pf) lag due to lack of free
> bandwidth
>
> So how do I tell PF to only queue if it's an internet ip? or perhaps a
> better way of saying it, is to *not* queue local traffic (to/from
> local ips).

What you could try is something like this:

table persist { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }
pass out on $ExtIF from $Delta to any keep state queue q_delta_out
pass out on $ExtIF from $Fear to any keep state queue q_fear_out
pass out on $IntIF from $Delta to ! keep state queue q_delta_in
pass out on $IntIF from $Fear to ! keep state queue q_fear_in

YMMV

-- 
Simple guidelines to happiness:
Work like you don't need the money,
love like your heart has never been broken and
dance like no one can see you.
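
The suggestion above written out as a loadable pf.conf fragment; this is an added example, not part of the original message. The table name does not appear in this copy of the message, so `<localnets>` is a hypothetical name, and the macro values, bandwidths and altq/queue definitions are assumptions standing in for the poster's existing configuration.

```pf
# Constructed example: interface names, addresses, bandwidths and queue
# sizes are assumptions; <localnets> is a hypothetical table name.
ExtIF = "em0"
IntIF = "em1"
Delta = "192.168.0.6"
Fear  = "192.168.0.7"

# Private (RFC 1918) ranges that count as "local".
table <localnets> persist { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }

# Uplink: one default queue plus one queue per shaped host.
altq on $ExtIF cbq bandwidth 1Mb queue { q_std_out, q_delta_out, q_fear_out }
queue q_std_out   bandwidth 20% cbq(default borrow)
queue q_delta_out bandwidth 40% cbq(borrow)
queue q_fear_out  bandwidth 40% cbq(borrow)

# LAN side: packets that no rule assigns to a queue fall into the default
# queue, so q_lan gets almost all of the interface bandwidth.
altq on $IntIF cbq bandwidth 100Mb queue { q_lan, q_delta_in, q_fear_in }
queue q_lan      bandwidth 98Mb cbq(default)
queue q_delta_in bandwidth 1Mb
queue q_fear_in  bandwidth 1Mb

# Rules as in the reply, with the table name filled in. On $IntIF the
# per-host queues apply only when the destination is outside <localnets>.
pass out on $ExtIF from $Delta to any keep state queue q_delta_out
pass out on $ExtIF from $Fear  to any keep state queue q_fear_out
pass out on $IntIF from $Delta to !<localnets> keep state queue q_delta_in
pass out on $IntIF from $Fear  to !<localnets> keep state queue q_fear_in

# Checks (run as root):
#   pfctl -nf /etc/pf.conf                    parse only, load nothing
#   pfctl -t localnets -T test 192.168.0.10   address should match the table
#   pfctl -vsq                                per-queue packet counters
```

Excluding local destinations from the per-host rules does not take that traffic out of ALTQ: on an ALTQ-enabled interface it is carried by the default queue, so the default queue has to be sized for it.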