On Tue, 18 Jul 2023 00:03:59 -0400 Mason Loring Bliss <ma...@blisses.org> wrote:
> I'm likely going to have to move to an Internet connection with > asymmetric bandwidth soon, and I want to be proactive with the > firewalling to avoid the connection choking on itself. > > There's a fair amount of documentation out there for bumping the > priority on acks with pf and altq, and that seems reasonable, but is > there anything equivalent I can do with ipfw? I'd prefer ipfw if > possible, but I'll switch if I need to. > You can use ng_bpf for matching TCP ACK (if ipfw can not, I have no idea about ipfw). https://reviews.freebsd.org/D30175 http://netlab.dhis.org/wiki/software:freebsd:igmpproxy_on_netgraph ipfw can work with netgraph so you may adop these samples from raw ethernet frames to ip packets. Next step is put all non TCP ACKs to dumminet with limit to 90% of upstream bandwith and pass TCP ACKs to upstream directly. Also DNS, ICMP good to have high prio. For links > 10mbps probably you will not see diff. I stop play with that years ago )
