Hi all,
I'm hoping someone can help me with an issue i have with pf and tos
matching.
I wish to assign tos marked reply packets to an altq queue but i find that
when using the keep state option on a rule reply traffic is not inspected
and queued correctly because pf has a state for the request.
queuing should be performed out bound on the inside INT
EG
Client ----NO TOS----> Inside INT (PF) Outside INT
------------------------->Internet
<-------------------------------TOS
MARKED---------------------------------
It works correctly when using no state but i would like to keep state so i
may also use dummy net pipes at patch from the pfsense project
Working
pass out on em0 inet from any to <beam50143> tos 0x60 no state label
"USER_RULE: Normal Beam 501 CVC 43" queue q50143n
Not working
pass out on em0 inet from any to <beam50143> tos 0x60 keep state label
"USER_RULE: Normal Beam 501 CVC 43" queue q50143n
Is there any way to override PF's behaviour to inspect the reply traffic
and classify it correctly
Thanks in advance
Olaf
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[email protected]"
