From owner-freebsd-pf@FreeBSD.ORG Thu Jun 24 21:00:07 2010 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AA2B7106564A for ; Thu, 24 Jun 2010 21:00:07 +0000 (UTC) (envelope-from buchtajz@borsice.net) Received: from mx.sitkom.cz (mx.sitkom.cz [109.164.0.132]) by mx1.freebsd.org (Postfix) with ESMTP id 53A248FC12 for ; Thu, 24 Jun 2010 21:00:07 +0000 (UTC) Received: from spamd.mail.sitkom.cz (mail.mx.sitkom.cz [10.13.126.5]) by mx.mail.sitkom.cz (Postfix) with ESMTP id C7CEE1C673D for ; Thu, 24 Jun 2010 22:41:36 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.mx.sitkom.cz X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham version=3.3.1 Received: from avscan.mail.sitkom.cz (mx.sitkom.cz [109.164.0.132]) by spamd.mail.sitkom.cz (Postfix) with ESMTP id A0A381C66F2 for ; Thu, 24 Jun 2010 22:41:36 +0200 (CEST) Received: from [10.10.0.12] (manwe.buchtikov.borsice.sfn [10.10.0.12]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by mx.sitkom.cz (Postfix) with ESMTPSA id 831CB1C6417 for ; Thu, 24 Jun 2010 22:41:36 +0200 (CEST) Message-ID: <4C23C2EC.8060102@borsice.net> Date: Thu, 24 Jun 2010 22:41:16 +0200 From: Michal Buchtik User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.9.1.10) Gecko/20100622 Thunderbird/3.0.5 MIME-Version: 1.0 To: freebsd-pf@freebsd.org References: In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: ClamAV using ClamSMTP Subject: Re: Unknown Behavior of PF+ALTQ on a Bridge X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 24 Jun 2010 21:00:07 -0000 Hi, On 2010/06/24 21:42, Rafael Henrique Faria wrote: > So, my question is: why the default queue is being used, If I have a > rule to use the out_bal queue to all outgoing traffic on that > interface? > > I need to redirect all the traffic from a subnet (/24) to one queue > (incoming and outgoing traffic)... so what I can understand is that, > this is not possible with PF+ALTQ. Am I wrong? > > I never try pf on bridge, but on router. You must create queues on every interface (only outgoing packets are queued) and pass rules on every interface too. States created then directs packets to right queue. Try something like: pass in log quick on $lan_if from to any tag SUB1_UP keep state queue ( down_sub1 ) pass out log quick on $wan_if tagged SUB1_UP keep state queue (up_sub1) pass in log quick on $wan_if from any to tag SUB1_DOWN keep state queue ( up_sub1 ) pass out log quick on $lan_if tagged SUB1_DOWN keep state queue ( down_sub1 ) or try "no state", but with performance decrease. This is only working solution I found (on router).