Hi, I'm using state-policy if-bound. if-bound states are bound to interface so you need to add just one rule to your setup.
set state-policy if-bound pass in quick on $int_if from <unlimited> to any keep state queue unlimited_in If you want to queue incoming traffic from users then you set limit on $ext_if.Outgoing traffic should be set to $int_if Cheers Tihomir http://koychev.com spamassassinexception ----- Original Message ---- From: Russell Fulton <[EMAIL PROTECTED]> To: packet fiter <[email protected]> Sent: Tuesday, January 29, 2008 2:54:43 AM Subject: Queues and state Hi Folks We have been using pf on our campus firewall for many years now and are now looking at adding some queueing. I know that one can only queue on the outbound interface. We want to queue traffic in both directions so we have to have two queues one on the external interface to queue outbound traffic and one on the internal interface to queue the incoming traffic. So far so good. What has me a little confused is how best to handle sessions with state. we have a rule: pass out quick on $ext_if from <unlimited> to any keep state queue unlimited_out where unimited_out is defined as applying to $ext_if. We have defined a queue unlimited_in on $int_if but what is the best way to assign the traffic to it? After reading the docs I conclude that I should change the state policy to if_bound and add pass out quick on $int_if from <unlimited> to any modulate state queue unlimited_out Is this the best way to do it? Thanks, Russell
