With my current pf.conf I can limit bandwidth from the external
to the internal network,
but I can't limit bandwidth from external to the gateway (i.e.
connections created by the gateway itself).
Sorry for my English.
This is my pf.conf:
ext_if="tun0"
int_if="rl1"
std_ports="{ ftp, http, https }"
iac_ports="{ 1863, 6111:6119 }"
table <LH>
table <Ext> { !self , !$int_if:network , 0.0.0.0/0 }
set skip on lo0
set limit states 30000
set optimization normal
scrub all reassemble tcp
altq on $ext_if cbq bandwidth 512Kb queue { ack_out, dns_out, iac_out, std_out, p2p_out }
queue ack_out bandwidth 10% priority 7 cbq(borrow)
queue dns_out bandwidth 10% priority 5 cbq(borrow)
queue iac_out bandwidth 20% priority 3 cbq(borrow)
queue std_out bandwidth 40% priority 2 cbq(borrow)
queue p2p_out bandwidth 20% priority 0 cbq(default, borrow)
altq on $int_if cbq bandwidth 100Mb queue { loc_in, ext_in }
queue loc_in bandwidth 99Mb priority 5 cbq(borrow)
queue ext_in bandwidth 1Mb priority 1 { iac_in, std_in, p2p_in }
queue iac_in bandwidth 20% priority 5 cbq(borrow)
queue std_in bandwidth 50% priority 3 cbq(borrow)
queue p2p_in bandwidth 30% priority 0 cbq(default, rio, borrow)
nat on $ext_if from $int_if:network to <Ext> tag INT_NAT -> ($ext_if)
block log all
antispoof quick for $int_if
pass in on $int_if from $int_if:network to <Ext> flags S/SAFR keep state queue p2p_in
pass in on $int_if proto tcp from $int_if:network to <Ext> port $std_ports flags S/SAFR keep state queue std_in
pass in on $int_if proto tcp from $int_if:network to <Ext> port $iac_ports flags S/SAFR keep state queue iac_in
pass out on $ext_if from <LH> to <Ext> flags S/SAFR modulate state queue(p2p_out, ack_out)
pass out on $ext_if proto tcp from <LH> to <Ext> port $std_ports flags S/SAFR modulate state queue(std_out, ack_out)
pass out on $ext_if proto tcp from <LH> to <Ext> port ssh flags S/SAFR modulate state queue(std_out, iac_out)
pass out on $ext_if proto tcp from <LH> to <Ext> port $iac_ports flags S/SAFR modulate state queue(iac_out, ack_out)
Is there something wrong with this pf.conf?
Help me please.
Thanks
dll
_______________________________________________
freebsd-pf freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to
"freebsd-pf-unsubscribe freebsd.org"