pf.conf + altq problem
2006-11-10 12:04:46
Muhammad Reza wrote:
> still not work with pass in rule.
> 
> add info with this rule set:
> 
> altq on xl1 bandwidth 100% cbq queue {int_out,dflt_out}
> queue int_out       bandwidth 3Mb
> queue dflt_out      bandwidth  16Kb cbq (default)
> 
> altq on xl2 bandwidth 100% cbq queue {int_in,dflt_in}
> queue int_in       bandwidth 3Mb
> queue dflt_in      bandwidth 16Kb cbq (default)
> 
> pass out log on xl1 from 172.16.0.228 to 202.57.14.1 keep state flags S/SA queue (int_out)
> pass out log on xl2 from 202.57.14.1 to 172.16.0.228 keep state flags S/SA queue (int_in)
> 
> if I only enable altq on one interface (xl1 or xl2), the traffic
> limitation that I want can be done.
> 
> Is there something that can be done with ALTQ and PF, or is my rule
> bad ???

The rules above (for TCP) do not match the traffic from both directions
of a single TCP connection - "flags S/SA" matches just the first packet
of the TCP session initiated by the source address (on the left). They
limit only one direction of connections initiated from either of the
addresses. Try removing "flags S/SA".

Michal

_______________________________________________
freebsd-pffreebsd.org mailing list

http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to
"freebsd-pf-unsubscribefreebsd.org"
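
An added example, not part of the original thread: a small Python model of the `flags S/SA` test discussed in the reply, run over a constructed TCP connection between the two addresses from the rule set. It models only the flag and address match (interfaces, state tracking and ALTQ are left out), and the function names and the sample session are assumptions made for the illustration.

```python
# Added example: models only pf's "flags a/b" test, not state tracking or ALTQ.
# TCP header flag bits; letters as used in pf.conf(5).
FLAG_BITS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08,
             "A": 0x10, "U": 0x20, "E": 0x40, "W": 0x80}

def to_bits(letters):
    """Convert flag letters such as 'SA' to a bit mask."""
    bits = 0
    for ch in letters:
        if ch not in FLAG_BITS:
            raise ValueError(f"unknown TCP flag letter: {ch!r}")
        bits |= FLAG_BITS[ch]
    return bits

def parse_flags_spec(spec):
    """Split 'S/SA' into (must_be_set, checked) bit masks."""
    want, sep, mask = spec.partition("/")
    if not sep or not mask:
        raise ValueError(f"expected <set>/<mask>, got {spec!r}")
    want_bits, mask_bits = to_bits(want), to_bits(mask)
    if want_bits & ~mask_bits:
        raise ValueError(f"{spec!r} can never match: set flags outside the mask")
    return want_bits, mask_bits

def flags_match(spec, pkt_flags):
    """True if, out of the flags in the mask, exactly the wanted ones are set."""
    want_bits, mask_bits = parse_flags_spec(spec)
    return (to_bits(pkt_flags) & mask_bits) == want_bits

# Constructed sample: one TCP connection opened by 172.16.0.228 to 202.57.14.1.
CLIENT, SERVER = "172.16.0.228", "202.57.14.1"
SESSION = [
    (CLIENT, SERVER, "S"),    # SYN
    (SERVER, CLIENT, "SA"),   # SYN+ACK
    (CLIENT, SERVER, "A"),    # ACK, handshake complete
    (CLIENT, SERVER, "PA"),   # request data
    (SERVER, CLIENT, "PA"),   # response data
    (CLIENT, SERVER, "FA"),   # client closes
    (SERVER, CLIENT, "FA"),   # server closes
    (CLIENT, SERVER, "A"),    # final ACK
]

def matching_packets(spec, src, dst, session=SESSION):
    """Indexes of packets that a rule 'from src to dst flags spec' would match."""
    return [i for i, (s, d, f) in enumerate(session)
            if s == src and d == dst and flags_match(spec, f)]

if __name__ == "__main__":
    print("xl1 rule:", matching_packets("S/SA", CLIENT, SERVER))
    print("xl2 rule:", matching_packets("S/SA", SERVER, CLIENT))
```

For this connection the first rule's match condition is met only by the opening SYN, and the second rule's by no packet at all, because the only SYN travelling from 202.57.14.1 also carries ACK.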