The state entry is "tagged" with the queue name. If a packet matches the
state, when it's transmitted, if a queue with that name exists on the
outgoing interface, it's used to restrict the traffic.
So you can simply setup queues like "queue mail on em1 ..." and assign
traffic with "match to port 25 queue mail".
--
Sent from a phone, apologies for poor formatting.
On 26 November 2017 21:01:08 Mario Theodoridis <[email protected]> wrote:
Hello everyone,
i'm using openbsd-6.2 as a home router gateway separating the internet
from a dmz (httpd, mail, wlan) and an internal network.
I would like to use queues to establish bandwidth policies for traffic
to my web and email servers and the rest of what goes on.
As an example, when a http request comes in, i really want to control
the bandwidth for the response via a match out on $extIf statement. And
maybe even the incoming request via a match out on $dmzIf.
In the past i've used a mix of match and pass rules to make that happen,
but found that unless i set no state on my pass rules, the answer
packets do not get evaluated on any outbound match rules.
Unfortunately using no state makes the rule set rather cumbersome and
hard to read.
Did i overlook something or is that the way to do this?
I just looked again at man pf.conf and the book of pf, but don't really
see any mention of keeping state in conjunction with bandwidth shaping.
Could someone enlighten me in this regard?
--
Mit freundlichen Grüßen/Best regards
Mario Theodoridis
