On Thu, Mar 03, 2016 at 08:00:11PM -0600, Lists wrote:
> pfctl -vvf /etc/pf.conf will reload the rules.
>
> Match rule with nat for the ext_if may not match because your
> internal ips are not seen on the ext_if.
>
> systat q to check usage. Every pfctl -f /etc/pf.conf clears the
> queue counters.
>
> I would match in on int_if from <ios> to any. This way the nat
> translation will assign the queue rule.
>
Thanks for your reply. Without putting words in your mouth:
Queues are now sticky (they weren't in the past);
I'll try:

    match in on $int_if \
        set queue default set prio 3
    match in on $int_if proto tcp \
        set queue (default, priority) set prio (3, 4)
    match in on $int_if proto udp from <ios> \
        set queue (priority) set prio 4
    ...
    match out on $ext_if from $int_if:network \
        nat-to ($ext_if)

That won't be perfect because I do static-port nat for some things but
I think I can arrange it.
Thanks again!
--
Chris
__o "All I was trying to do was get home from work."
_`\<,_ -Rosa Parks
___(*)/_(*)____.___o____..___..o...________ooO..._____________________
Christopher Sean Hilton [chris/at/vindaloo/dot/com]