On 2011-09-26, Michel Blais <[email protected]> wrote:
> So it really looks like a bug. When I erase state with
> pfctl -k x.x.x.x
> it should go through the ruleset again but doesn't do it for a current
> transfer like a current download.

This only erases the state in one direction. Try:

pfctl -k x.x.x.x; pfctl -k 0.0.0.0/0 -k x.x.x.x

>> 3 - Is there a way to change the queue of a transfer without
>> stopping / resuming the transfer ?

Not reliably while using stateful rules. If you completely kill the
state in both directions you could pick up the already open connection
with a 'flags any' rule, however, if the connection uses window-scaling
(which is done by default by many OS nowadays), this will break sooner
or later. See the text for "flags <a> /<b> | any" in pf.conf(5).

>> 4 - Why is an upload rule needed to send download traffic to a queue ?

Queue *assignment* is done at the point you create state (or, if you
use stateless rules, when the packet hits a 'pass' rule).

The actual *queueing* takes place in the interface output routine.

A common mistake amongst people learning altq is to confuse the
assignment with the actual queueing.
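
The assignment/queueing split from the last answer, as an added pf.conf sketch in the ALTQ syntax of that era (not part of the original post; the interface names, bandwidths, queue names and the routed, no-NAT setup are assumptions):

```pf
# Added illustration; em0/em1, 10Mb and the queue names are assumed values.
ext_if = "em0"   # towards the Internet
int_if = "em1"   # towards the LAN

# Downloads reach LAN clients by leaving through $int_if, so the queues
# that shape them are defined on that interface.
altq on $int_if cbq bandwidth 10Mb queue { dl_std, dl_bulk }
queue dl_std  bandwidth 70% cbq(default borrow)
queue dl_bulk bandwidth 30% cbq(borrow)

# ASSIGNMENT: the client's outgoing request (the "upload" direction) creates
# the state here, and the queue name is recorded on that state. Nothing is
# queued at this point, because ALTQ does not queue inbound packets.
pass in on $int_if proto tcp from $int_if:network to any port 80 queue dl_bulk

# Let the same connection leave towards the Internet; no queue is needed
# here because no altq is defined on $ext_if in this sketch.
pass out on $ext_if proto tcp from $int_if:network to any port 80

# QUEUEING: reply packets (the download) match the state created on $int_if
# and are placed in dl_bulk when they are sent out of $int_if to the client.
# Because the queue is recorded on the state, changing "queue dl_bulk" above
# only affects connections whose state is created after the reload.
```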

