Date: Wed, 27 Aug 2008 16:17:56 +0530 From: "Rajkumar S" <rajkumars@gmail.com> To: freebsd-pf@freebsd.org Subject: ALTQ and shaping an existing session Message-ID: <64de5c8b0808270347p2d8cf9ccydd63cae3b1ea6a14@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Hi,
I have configured pf/altq to shape traffic in my freebsd box. rule
fragments are as below.
altq on rl0 cbq bandwidth 512Kb queue { lanRoot }
altq on rl1 cbq bandwidth 512Kb queue { wanRoot }
queue lanRoot bandwidth 512Kb cbq { lanStd , lanBad }
queue lanStd bandwidth 400Kb cbq (default)
queue lanBad bandwidth 112Kb cbq #(default)
queue wanRoot bandwidth 512Kb cbq { wanStd , wanBad }
queue wanStd bandwidth 450Kb cbq (default)
queue wanBad bandwidth 62Kb cbq #(default)
pass out quick on $lan from any to any keep state
pass in quick on $lan from <badguys> to any keep state queue lanBad
pass in quick on $lan from any to any keep state
pass out quick on $ext_if from any to any keep state
pass in quick on $ext_if from any to <badguys> keep state queue wanBad
pass in quick on $ext_if from any to any keep state
IPs are added to <badguys> by an external program based on bandwidth.
The problem is that even when a new ip is added to or removed from
<badguys> already existing sessions from the newly added ip continues
to have previous shaping configuration. All new sessions are shaped as
expected. I have tried rules without "keep state", but results are the
same. Is this the expected behavior of pf? Can the shaping be
performed for existing sessions also when an ip is added to <badguys>?
with regards,
raj
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?64de5c8b0808270347p2d8cf9ccydd63cae3b1ea6a14>