In my firewall cbq doesn't work, but I'm using hfsc.
Below is one rule:
altq on em1 hfsc bandwidth 100% queue net_em1
queue net_em1 bandwidth 100Mb hfsc { link_em1 net1_em1 }
queue link_em1 bandwidth 5Mb priority 2 hfsc(red realtime 4Mb upperlimit 10Mb)
queue net1_em1 bandwidth 90Mb priority 1 hfsc(default)
Gilberto
2006/11/10, Michal Mertl <[EMAIL PROTECTED]>:
Muhammad Reza wrote:
> It still does not work with a pass in rule.
>
> Additional info, with this rule set:
>
> altq on xl1 bandwidth 100% cbq queue {int_out,dflt_out}
> queue int_out bandwidth 3Mb
> queue dflt_out bandwidth 16Kb cbq (default)
>
> altq on xl2 bandwidth 100% cbq queue {int_in,dflt_in}
> queue int_in bandwidth 3Mb
> queue dflt_in bandwidth 16Kb cbq (default)
>
> pass out log on xl1 from 172.16.0.228 to 202.57.14.1 keep state flags S/SA queue (int_out)
> pass out log on xl2 from 202.57.14.1 to 172.16.0.228 keep state flags S/SA queue (int_in)
>
> If I only enable altq on one interface (xl1 or xl2), the traffic
> limitation that I want can be done.
>
> Is there something that can be done with ALTQ and PF, or is my rule
> bad?
The rules above (for TCP) do not match the traffic from both directions
of a single TCP connection - "flags S/SA" matches just the first packet
of the TCP session initiated by the source address (on the left). They
limit only one direction of connections initiated from either of the
addresses. Try removing "flags S/SA".
Michal
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
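Michal's point about "flags S/SA", as an added example that is not part of the original thread: a small Python model of how a "flags <set>/<mask>" test selects packets, run over a constructed TCP session between the two addresses from the rule set. The function names and the sample session are assumptions made for illustration; only the address and flags tests are modelled, not interfaces, direction or pf's state table.

```python
# Added example: models only the address and "flags <set>/<mask>" tests of a
# pf rule. Interfaces, direction and the state table are not modelled.
TCP_FLAG_BITS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08,
                 "A": 0x10, "U": 0x20, "E": 0x40, "W": 0x80}


def to_bits(letters):
    """Turn a flag string such as 'SA' into a TCP flags bit field."""
    bits = 0
    for ch in letters:
        bits |= TCP_FLAG_BITS[ch]
    return bits


def flags_match(spec, pkt_flags):
    """spec is 'S/SA', '/SA' or None (no flags test); pkt_flags e.g. 'SA'.

    Of the flags named in the mask, exactly those in the set must be on.
    """
    if spec is None:
        return True
    want, _, mask = spec.partition("/")
    if not mask:
        raise ValueError("expected <set>/<mask>, got %r" % spec)
    return to_bits(pkt_flags) & to_bits(mask) == to_bits(want)


def rule_hits(rule, session):
    """Return the indexes of the packets in session that the rule matches."""
    src, dst, spec = rule
    return [i for i, (p_src, p_dst, p_flags) in enumerate(session)
            if (p_src, p_dst) == (src, dst) and flags_match(spec, p_flags)]


A, B = "172.16.0.228", "202.57.14.1"
# Constructed TCP session opened by A: handshake, data, teardown.
SESSION = [(A, B, "S"), (B, A, "SA"), (A, B, "A"), (A, B, "PA"),
           (B, A, "A"), (B, A, "PA"), (A, B, "FA"), (B, A, "FA"), (A, B, "A")]

if __name__ == "__main__":
    for label, spec in (("with flags S/SA", "S/SA"), ("without flags", None)):
        print(label)
        print("  int_out rule (A -> B):", rule_hits((A, B, spec), SESSION))
        print("  int_in  rule (B -> A):", rule_hits((B, A, spec), SESSION))
```
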