queueing: give some BW to each addr (in a table)?

Travis H. solinym at gmail.com
Wed Jun 28 08:33:34 UTC 2006


On 6/27/06, McLone <mclone at gmail.com> wrote:
> We have many clients here, so I wanted to do it
> on my freebsd6 router, with a simple cron job switching
> tables in PF, but pf doesn't support a thing like
> "give EACH ip in that table N kbits/s".

Yes, what you want is a list.

> So I have one option now - write some pf.conf
> preprocessor, with some frontend to edit it.

If you know Python, check out dfd_keeper.

There is an OpenBSD port here:
http://www.lightconsulting.com/~travis/OpenBSD/

Basically you can, from a script that uses nc/netcat, add or delete
from a list relatively trivially.  It then renders the ruleset and
loads it into pf.  It looks intimidating at first but isn't really.
You have my permission to use it in your commercial environment.  Once
installed, you need to write a short Python script; there is an
example in the dist (but it doesn't get installed by the port yet,
sorry).

If you have any further questions, or if you want [paid] help
implementing it, email me.
-- 
"I sometimes have delusions of adequacy" -- Woody Allen
Security "guru" for rent or hire - http://www.lightconsulting.com/~travis/ -><-
GPG fingerprint: 9D3F 395A DAC5 5CCC 9066  151D 0A6B 4098 0C55 1484
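
The preprocessor idea discussed in this thread, as an added example that is not part of the original message and is not dfd_keeper's code: it renders one capped ALTQ cbq queue per address and validates every input before it reaches pf.conf. The function name `render_altq`, the `q_def` and `q<hex>` queue names, the interface `em1` and the 15-character queue-name limit are assumptions of this sketch.

```python
import ipaddress
import re

QNAME_MAX = 15  # assumption: queue-name length limit of the pf in use


def render_altq(addrs, iface, link_kbit, per_ip_kbit, default_kbit):
    """Return pf.conf text giving each IPv4 address its own capped cbq queue."""
    # Interface names come from config or a frontend: accept only "em1"-style names.
    if not re.fullmatch(r"[a-z]+[0-9]+", iface):
        raise ValueError("bad interface name: %r" % iface)
    hosts = set()
    for raw in addrs:
        # Strict parse: anything that is not a single IPv4 address raises
        # ValueError, so frontend text can never inject rules into pf.conf.
        hosts.add(ipaddress.IPv4Address(raw.strip()))
    hosts = sorted(hosts)
    # Child queue bandwidths must fit inside the parent; fail before loading.
    if default_kbit + per_ip_kbit * len(hosts) > link_kbit:
        raise ValueError("per-address queues oversubscribe the link")
    # Dotted addresses are illegal/too long as queue names; hex is 9 chars.
    names = ["q%08x" % int(ip) for ip in hosts]
    if any(len(n) > QNAME_MAX for n in names):
        raise ValueError("queue name too long")
    out = [
        "altq on %s cbq bandwidth %dKb queue { %s }"
        % (iface, link_kbit, ", ".join(["q_def"] + names)),
        "queue q_def bandwidth %dKb cbq(default)" % default_kbit,
    ]
    # No "borrow" option: each queue is a hard cap at per_ip_kbit.
    out += ["queue %s bandwidth %dKb cbq" % (n, per_ip_kbit) for n in names]
    # ALTQ shapes outbound traffic, so on the client-facing interface this
    # limits what each client receives.
    out += [
        "pass out on %s from any to %s keep state queue %s" % (iface, ip, n)
        for ip, n in zip(hosts, names)
    ]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    # Constructed sample list; a real one would come from the frontend.
    clients = ["10.0.0.5", "10.0.0.2", "10.0.0.5 "]
    print(render_altq(clients, "em1", 10000, 256, 1000), end="")
```

Write the output to a scratch file and check it with `pfctl -nf` before loading it, so a rendering error never replaces the running ruleset.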


More information about the freebsd-pf mailing list