I have a situation where one of the web servers needs to have its output
throttled. I have pf with ALTQ CBQ running. The pf.conf file contains:

    altq on $ext_if cbq bandwidth 100% queue {normal, web}
    queue normal bandwidth 99% cbq(default)
    queue web bandwidth 10Kb cbq
    pass out log on $ext_if proto tcp to any
    pass log proto tcp from any to any port 8001 queue web
    pass log proto tcp from any port 8001 to any queue web

It seems to work. Requests to the web server at port 8001 are logged and the
output is definitely throttled, although there are never any packets shown for
the last rule, since the original request generates state which seems to
effectively bypass rule processing for the response from the web server.

The throttle on the input is pretty much meaningless but doesn't seem to cause
any problems. Without it in the next-to-last rule, the throttle is never
invoked. Likewise, I have not found a way to get the output logged. Adding no
state to the next-to-last rule has no effect. I suspect that the last rule can
be removed.

Without the next-to-last rule, nothing is throttled.

Is there a better way to do this?
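
The behaviour described in the post, written as a single stateful rule. This is an added example, not part of the original message: the queue named on the rule that creates state is applied to the replies that later match that state on their way out of $ext_if. It assumes $ext_if is defined as in the poster's pf.conf and that requests arrive on that interface.

```pf
# Added example, not the poster's configuration.
# Assumption: $ext_if is already defined earlier in pf.conf.

# Queue definitions, unchanged from the post.
altq on $ext_if cbq bandwidth 100% queue { normal, web }
queue normal bandwidth 99% cbq(default)
queue web bandwidth 10Kb cbq

pass out log on $ext_if proto tcp to any

# The inbound request creates the state entry. The state remembers
# "queue web", so replies from port 8001 leaving $ext_if are placed in
# that queue without the ruleset being evaluated again. ALTQ only
# schedules packets leaving the interface, so the inbound side is not
# shaped by this rule.
#
# "log (all)" logs every packet that matches the state, not only the
# packet that created it. Older pf releases spell this "log-all".
pass in log (all) on $ext_if proto tcp from any to any port 8001 \
    keep state queue web

# A separate "from any port 8001" rule is not needed: replies match the
# existing state before any rule is consulted, which is why such a rule
# never shows matching packets.
```

The per-queue packet and byte counters from `pfctl -vvs queue` show whether replies are landing in the web queue, and `tcpdump -n -e -ttt -i pflog0` shows the logged packets.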