pf.conf + altq problem

In my firewall cbq doesn't work, but I'm using hfsc.
Below is one rule:
altq on em1 hfsc bandwidth 100% queue net_em1
  queue net_em1 bandwidth 100Mb hfsc { link_em1 net1_em1 }
    queue link_em1 bandwidth 5Mb priority 2 hfsc(red
realtime 4Mb
upperlimit 10Mb)
    queue net1_em1 bandwidth 90Mb priority 1 hfsc(default)

Gilberto


2006/11/10, Michal Mertl <mimetraveller.cz>:
> Muhammad Reza wrote:
> > still not work with pass in rule.
> >
> > add info with this rule set:
> >
> > altq on xl1 bandwidth 100% cbq queue
{int_out,dflt_out}
> > queue int_out       bandwidth 3Mb
> > queue dflt_out      bandwidth  16Kb cbq (default)
> >
> > altq on xl2 bandwidth 100% cbq queue
{int_in,dflt_in}
> > queue int_in       bandwidth 3Mb
> > queue dflt_in      bandwidth 16Kb cbq (default)
> >
> > pass out log on xl1 from 172.16.0.228 to
202.57.14.1 keep  state flags
> > S/SA queue (int_out)
> > pass out log on xl2 from 202.57.14.1 to
172.16.0.228 keep state flags
> > S/SA queue (int_in)
> >
> > if i only enabled altq on in one interface only
(xl1 or xl2) , traffic
> > limitation that i want is can be done.
> >
> > Is there something that can be done with ALTQ and
PF or my rule is
> > bad ???
>
> The rules above (for TCP) do not match the traffic from
both directions
> of a single TCP connection - "flags S/SA"
matches just the first packet
> of the TCP session initiated by the source adress (on
the left). They
> limit only one direction of connections initiated from
either of the
> addresses. Try removing "flags S/SA".
>
> Michal
>
>
_______________________________________________
freebsd-pffreebsd.org mailing list

http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to
"freebsd-pf-unsubscribefreebsd.org"