
Thread: how to limit bandwidth for incoming traffic that has destination to gateway itself




user name
2006-11-15 12:26:09
You have to change from:
pass out on $ext_if proto tcp from <LH> to <Ext> port ssh flags S/SAFR modulate state queue(std_out, iac_out)
pass out on $ext_if proto tcp from <LH> to <Ext> port $iac_ports flags S/SAFR modulate state queue(iac_out, ack_out)

to:
pass in on $ext_if proto tcp from <LH> to <Ext> port ssh flags S/SAFR modulate state queue(std_out, iac_out)
pass in on $ext_if proto tcp from <LH> to <Ext> port $iac_ports flags S/SAFR modulate state queue(iac_out, ack_out)

Since you are tracking state with S/SAFR, that rule can keep track only of
connections initiated by $gateway itself.
If you use "in", it will track the connections generated by outside peers.

Don't confuse the concept that ALTQ shapes only outgoing connections with
the keep state one.

Hope it helps.
_______________________________________________
freebsd-pf@freebsd.org mailing list

http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"
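
An added example, not part of the original post: a small legacy-ALTQ pf.conf illustrating the point made above, that a queue named on a stateful "pass in" rule is applied to that connection's packets when they leave $ext_if. The interface name, bandwidth figures, port list and the use of ($ext_if) in place of the thread's <LH>/<Ext> tables are assumptions.

```conf
# Constructed example; legacy ALTQ syntax as used by FreeBSD pf.
# em0, 2Mb, the percentages and the port list are assumed values.
ext_if    = "em0"
iac_ports = "{ 80, 443 }"

# ALTQ only schedules packets LEAVING $ext_if.
altq on $ext_if cbq bandwidth 2Mb queue { std_out, iac_out, ack_out }
queue std_out bandwidth 60% cbq(default)
queue iac_out bandwidth 30% priority 4 cbq(borrow)
queue ack_out bandwidth 10% priority 6 cbq(borrow)

block in on $ext_if all

# Connections opened by outside peers TO the gateway: the state is created
# by a "pass in" rule. The queue named here is stored with the state and is
# used for this connection's packets going out $ext_if (the replies).
# Second queue of the pair: empty TCP ACKs and TOS lowdelay packets.
pass in on $ext_if proto tcp from any to ($ext_if) port ssh \
    flags S/SAFR modulate state queue (std_out, iac_out)
pass in on $ext_if proto tcp from any to ($ext_if) port $iac_ports \
    flags S/SAFR modulate state queue (iac_out, ack_out)

# Connections opened BY the gateway: the first SYN leaves $ext_if,
# so the state (and its queue) comes from a "pass out" rule.
pass out on $ext_if proto tcp from ($ext_if) to any \
    flags S/SAFR modulate state queue (std_out, ack_out)
pass out on $ext_if proto { udp, icmp } from ($ext_if) to any keep state
```

`pfctl -nf /etc/pf.conf` parses the ruleset without loading it, and `pfctl -vsq` shows the per-queue counters once traffic is flowing.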