From owner-freebsd-stable@FreeBSD.ORG  Fri Dec 16 16:30:03 2005
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
X-Original-To: freebsd-stable@freebsd.org
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id D17C616A41F
	for <freebsd-stable@freebsd.org>; Fri, 16 Dec 2005 16:30:03 +0000 (GMT)
	(envelope-from vivek@khera.org)
Received: from yertle.kcilink.com (yertle.kcilink.com [65.205.34.180])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 9E2FE43D4C
	for <freebsd-stable@freebsd.org>; Fri, 16 Dec 2005 16:30:00 +0000 (GMT)
	(envelope-from vivek@khera.org)
Received: from [192.168.7.103] (host-103.int.kcilink.com [192.168.7.103])
	by yertle.kcilink.com (Postfix) with ESMTP id 846ABB80F
	for <freebsd-stable@freebsd.org>; Fri, 16 Dec 2005 11:29:54 -0500 (EST)
Mime-Version: 1.0 (Apple Message framework v746.2)
In-Reply-To: <43A25AFF.2090501@bitparts.org>
References: <43A25AFF.2090501@bitparts.org>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <28458AB8-854C-475A-8CF4-8BE979C0794D@khera.org>
Content-Transfer-Encoding: 7bit
From: Vivek Khera <vivek@khera.org>
Date: Fri, 16 Dec 2005 11:29:52 -0500
To: freebsd-stable <freebsd-stable@freebsd.org>
X-Mailer: Apple Mail (2.746.2)
Subject: Re: My ungodly PF config - am I sane and brilliant,
	or just deluded and dangerous?
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, 
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Dec 2005 16:30:04 -0000


On Dec 16, 2005, at 1:13 AM, J. Buck Caldwell wrote:

> Here's the fun part. Our traffic has gotten to the point where I've  
> decided that some traffic shaping (ALTQ) is necessary. I've been  
> experimenting with my home cable internet connection (and gif  
> tunnel to work), and I believe I've come up with a workable  
> solution. However, I'd like to run it by some experts to see if I'm  
> screwing up (or hitting any possible limits) before I try putting  
> it in place live.

You may wish to take a look at an embedded GUI based firewall system  
like pfSense to help you configure this.  It has a traffic shaping  
wizard and can do IPsec VPNs as well.  It is based on FreeBSD 6.0 so  
will run on whatever hardware you've got already.

See http://www.pfsense.com/