On Mon, Sep 19, 2005 at 08:59:48PM +0200, -f wrote:
> hmm, on Mon, Sep 19, 2005 at 10:01:58AM -0600, j knight said that
> > > i was thinking of making another rule, just below this one:
> > > 
> > > block in
> > > block in log from any to $ext_if
> > 
> > Another alternative:
> > 
> > block in quick to $ext_if:broadcast
> > block in log

  eew quick
 
> this doesn't seem to have the desired effect...
> the rule got translated into
> 
> block drop in quick inet from any to xxx.xxx.xxx.255
> 
> and is not stopping all the noise...

  heh.. cable modem? (arparparparparparparparp.. :P)...

  what is the noise exactly?

  give tcpdump pflog0, make known what is/isn't your IP
  ( xxx out the middle 2 octets or whatever makes you happy ).

  i understand you mean 'noise' to be "a lot of traffic that shows up
  on my line that is full of valid CRCs but not intended for me or of
  no interest to me", but what is it, exactly?

> > You either do something like this or you filter your logs when viewing
> > them/running reports to exclude "line noise".
> 
> small disk, old machine, why keep the noise? ;)

  i use:

---------------
e =                     sis2
adsl_up =               700Kb
TCP_NOISE =             "{ 135 139 445 1080 1433 3128 }"
UDP_NOISE =             "{ 1026 1027 }"

set block-policy return

altq on $e hfsc bandwidth $adsl_up queue{ exthi extlo extLAN }
queue exthi             on $e   bandwidth 20%   priority 6 hfsc( upperlimit $adsl_up )
queue extlo             on $e   bandwidth 20%   priority 0 hfsc( upperlimit $adsl_up default )
queue extLAN            on $e   bandwidth 20% { u192.168.7.X }
queue u192.168.7.X      on $e   bandwidth 192b  { u192.168.7.Xd u192.168.7.Xa }
queue u192.168.7.Xd     on $e   bandwidth  64b  priority 2 hfsc( upperlimit $adsl_up )
queue u192.168.7.Xa     on $e   bandwidth 128b  priority 4 hfsc( upperlimit $adsl_up )

block log all

block on $e proto tcp from any to (carp0:0) port $TCP_NOISE queue( extlo )
block on $e proto udp from any to (carp0:0) port $UDP_NOISE queue( extlo )
---------------

  please don't flame for the lameass use of HFSC, i'm always in the 
  middle of playing with it <G>.

  anyway, this makes it so that anything blocked matching the {TCP,UDP}_NOISE
  macros doesn't spam up my pflog.

  jared

-- 

[ openbsd 3.8 GENERIC ( sep 10 ) // i386 ]
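
Added example, not part of the original thread: one way to work out what the noise is before choosing ports for macros like TCP_NOISE and UDP_NOISE is to tally blocked inbound packets from pflog by destination port. The Python below assumes OpenBSD-style `tcpdump -n -e -ttt -i pflog0` text lines; the sample lines, addresses, function names and the min_hits threshold are constructed for illustration.

```python
import re
from collections import Counter
# Assumed shape of one `tcpdump -n -e -ttt -i pflog0` line; adjust if yours differs.
LINE_RE = re.compile(
    r"rule [\d.]+/\(\w+\) (?P<action>block|pass) (?P<dir>in|out) on \S+: "
    r"[\d.]+\.\d+ > (?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?P<rest>.*)$")

MY_IP = "192.0.2.10"  # constructed; documentation address range
SAMPLE = """\
Sep 19 20:41:07.101112 rule 0/(match) block in on sis2: 198.51.100.7.4312 > 192.0.2.10.445: S 3382001:3382001(0) win 65535 (DF)
Sep 19 20:41:09.220431 rule 0/(match) block in on sis2: 198.51.100.8.1190 > 192.0.2.10.445: S 771200:771200(0) win 16384
Sep 19 20:41:15.000871 rule 0/(match) block in on sis2: 198.51.100.7.4313 > 192.0.2.10.135: S 3390114:3390114(0) win 65535 (DF)
Sep 19 20:42:01.514200 rule 0/(match) block in on sis2: 203.0.113.9.2741 > 192.0.2.10.135: S 50012:50012(0) win 8192
Sep 19 20:42:30.090017 rule 0/(match) block in on sis2: 203.0.113.9.51822 > 192.0.2.10.22: S 90417:90417(0) win 5840
Sep 19 20:43:02.330950 rule 0/(match) block in on sis2: 203.0.113.44.32801 > 192.0.2.10.1026: udp 384
Sep 19 20:43:05.611003 rule 0/(match) block in on sis2: 203.0.113.45.32977 > 192.0.2.10.1026: udp 402
Sep 19 20:43:40.120788 rule 0/(match) block in on sis2: 192.0.2.77.137 > 192.0.2.255.137: udp 50
Sep 19 20:44:12.008341 rule 3/(match) pass in on sis2: 198.51.100.20.40022 > 192.0.2.10.80: S 1200:1200(0) win 65535
""".splitlines()  # constructed log lines, not captured traffic

def proto_of(rest):
    """Guess the protocol from tcpdump's summary (assumed: 'udp N' or TCP flags)."""
    if rest.startswith("udp"):
        return "udp"
    return "tcp" if re.match(r"[SFPRWE.]+ ", rest) else None

def tally_blocked(lines, my_ip):
    """Count blocked inbound packets addressed to my_ip, keyed by (proto, dport)."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m["action"] != "block" or m["dir"] != "in" or m["dst"] != my_ip:
            continue  # skips pass rules, outbound, and broadcast destinations
        proto = proto_of(m["rest"])
        if proto:
            hits[(proto, int(m["dport"]))] += 1
    return hits

def noise_macros(hits, min_hits=2):
    """Render ports seen at least min_hits times as pf.conf macro values."""
    macros = {}
    for proto in ("tcp", "udp"):
        ports = sorted(p for (pr, p), n in hits.items() if pr == proto and n >= min_hits)
        if ports:
            macros[proto.upper() + "_NOISE"] = '"{ ' + " ".join(map(str, ports)) + ' }"'
    return macros

if __name__ == "__main__":
    print(noise_macros(tally_blocked(SAMPLE, MY_IP)))
```

Ports under the threshold, such as the single hit on port 22 in the sample, are left out of the macros and so would still be logged by a ruleset like the one above.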
