I use default state-policy (floating). As I can remember, if-bound policy works diferent.
[EMAIL PROTECTED] píše v St 30. 07. 2008 v 11:29 +0300: > Thanks for suggestion. Is any difference using set state-policy if-bound? > When what state policy to use? > > Thanks, Albertas > > > > PF makes 2 states per connection, so try this > > ($int_if is users LAN) > > > > pass in quick on $int_if from 10.0.0.1 to any tag user1 queue download1 > > pass in quick on $ext_if from any to 10.0.0.1 tag user1 queue upload1 > > pass out quick on $int_if tagged user1 queue download1 > > pass out quick on $ext_if tagged user1 queue upload1 > > .....and so on for another users > > > > > > [EMAIL PROTECTED] píše v St 30. 07. 2008 v 09:43 +0300: > >> Hello once more, > >> It whould be very interesting to hear from you how to use keep state for > >> router, shaping in and out traffic. > >> I am using around thousand of queues(hfsc) and it makes a lot of > >> performace problems. Using keep state it would reduce it, but as i > >> mention > >> before, i have problems using it. > >> > >> Sincerely Yours, > >> Albertas > >> > >> > ext_if="bge0" > >> > int_if="bge1" > >> > > >> > pass out quick on $ext_if from 10.0.0.1 to any queue upload1 > >> > pass out quick on $int_if from any to 10.0.0.1 queue download1 > >> > > >> > pass out quick on $ext_if from 10.0.0.2 to any queue upload2 > >> > pass out quick on $int_if from any to 10.0.0.2 queue download2 > >> > > >> > pass out quick on $ext_if from 10.0.0.3 to any queue upload3 > >> > pass out quick on $int_if from any to 10.0.0.3 queue download3 > >> > > >> > pass in all > >> > pass out all > >> > > >> > #10.0.0.x users subnet > >> > > >> > Hello, > >> > I have problems with keep state usage. I need to shape ingoing and > >> > outgoing trafic (no nat). > >> > Before I used sintax like above, but then I used it with keyword "keep > >> > state" some useres reported problems with trafic. > >> > With version FreeBSD 7 with keep state on pass rules are not working > >> at > >> > all. > >> > Question is how to deal with keep state for in and out trafic then i > >> need > >> > to shape both? I tried to use set state-policy if-bound but it had no > >> > impact. > >> > > >> > _______________________________________________ > >> > [email protected] mailing list > >> > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > >> > To unsubscribe, send any mail to "[EMAIL PROTECTED]" > >> > > >> > >> > >> _______________________________________________ > >> [email protected] mailing list > >> http://lists.freebsd.org/mailman/listinfo/freebsd-pf > >> To unsubscribe, send any mail to "[EMAIL PROTECTED]" > > > > > > > _______________________________________________ > [email protected] mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "[EMAIL PROTECTED]" _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "[EMAIL PROTECTED]"
