Thank for your help.After I change pf.conf I can't connect
to internet from local network machine. If we want to shape
incoming bandwidth it must shape on internal interface that
connect to client in local network this done by limit out
going bandwidth return to local network.Do I misunderstand
something. But If we want shape incoming bandwidth that
return to gateway machine not to local network above method
will not work because it does not pass through internal
interface.How to do it.
Sorry for my englishThanks
> Date: Wed, 15 Nov 2006 13:26:09 +0100> From:
ermal.luci gmail.com> To: freebsd-pffreebsd.org> Subject:
Re: how to limit bandwidth for incoming traffic that has
destination to gateway itself> > You have to change
from:> pass out on $ext_if proto tcp from <LH> to
<Ext> port ssh flags S/SAFR> modulate state
queue(std_out, iac_out)> pass out on $ext_if proto tcp
from <LH> to <Ext> port $iac_ports flags>
S/SAFR modulate state queue(iac_out, ack_out)> >
to:> pass in on $ext_if proto tcp from <LH> to
<Ext> port ssh flags S/SAFR> modulate state
queue(std_out, iac_out)> pass in on $ext_if proto tcp
from <LH> to <Ext> port $iac_ports flags
S/SAFR> modulate state queue(iac_out, ack_out)> >
Since you are tracking state with S/SAFR that rule can keep
track only of> connetion initiated by $gateway
itself.> If you use in it will track the connection
generated by outside peers.> > Don't confuse the
concept that ALTQ shapes only outgoing connections with>
the keep state one.> > Hopes it he
lps.> _______________________________________________
____________________________________________________________
_____
Try Live.com - your fast, personalized homepage with all the
things you care about in one place.
http://www.live.com/ge
tstarted
_______________________________________________
freebsd-pffreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to
"freebsd-pf-unsubscribefreebsd.org"
|