Peter
Thanks very much for the link..
Here my new file pf.conf
==================================================
ext_if="xl0" # replace with actual external
interface name i.e., dc0
internal_net="168.96.200.0/24"
table <lan> { 168.96.200.9, 168.96.200.8,
168.96.200.54, 168.96.200.196 }
table <badboys> { 168.96.200.57, 168.96.200.87,
168.96.200.36 }
altq on $ext_if cbq bandwidth 1Mb queue { def, ftp, udp,
http, ssh, \
icmp, lan, badboys }
queue def bandwidth 15% cbq (default borrow red)
queue ftp bandwidth 15% cbq (borrow red)
queue udp bandwidth 38% cbq (borrow red)
queue http bandwidth 10% cbq (borrow red)
#queue ssh bandwidth 20% cbq (borrow red) { ssh_interactive,
ssh_bulk }
#queue ssh_interactive priority 7
#queue ssh_bulk priority 0
queue icmp bandwidth 2% cbq
queue lan bandwidth 10% priority 4 cbq (borrow red)
queue badboys bandwidth 10% priority 4 cbq (borrow red)
#pass log quick on $ext_if proto tcp from any to any port 22
flags S/SA \
keep state queue (ssh_bulk, ssh_interactive)
pass in quick on $ext_if proto tcp from any to any port 20
flags S/SA \
keep state queue ftp
pass in quick on $ext_if proto tcp from any to any port 80
flags S/SA \
keep state queue http
pass out on $ext_if proto udp all keep state queue udp
pass out on $ext_if proto icmp all keep state queue icmp
But
Don't run to 10% under http.
Run to 60k ...
Could you help me!!!
_______________________________________________
freebsd-pf freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to
"freebsd-pf-unsubscribefreebsd.org"
|