How to limit bandwidth for incoming traffic destined for the gateway itself

dll ....... darkdll at hotmail.com
Wed Nov 15 06:37:57 UTC 2006


With my current pf.conf I can limit bandwidth from the external to the internal network,
but I can't limit bandwidth from the external network to the gateway (i.e. connections created by the gateway itself).
 
Sorry for my English.
 
This is my pf.conf:
 
ext_if="tun0"
int_if="rl1"
std_ports="{ ftp, http, https }"
iac_ports="{ 1863, 6111:6119 }"
table <LH> { self }
table <Ext> { !self , !$int_if:network , 0.0.0.0/0 }
 
set skip on lo0
set limit states 30000
set optimization normal
scrub all reassemble tcp
 
altq on $ext_if cbq bandwidth 512Kb queue { ack_out, dns_out, iac_out, std_out, p2p_out }
    queue ack_out bandwidth 10% priority 7 cbq(borrow)
    queue dns_out bandwidth 10% priority 5 cbq(borrow)
    queue iac_out bandwidth 20% priority 3 cbq(borrow)
    queue std_out bandwidth 40% priority 2 cbq(borrow)
    queue p2p_out bandwidth 20% priority 0 cbq(default ,borrow)
altq on $int_if cbq bandwidth 100Mb queue { loc_in, ext_in }
    queue loc_in bandwidth 99Mb priority 5 cbq(borrow)
    queue ext_in bandwidth 1Mb priority 1 { iac_in, std_in, p2p_in }
        queue iac_in bandwidth 20% priority 5 cbq(borrow)
        queue std_in bandwidth 50% priority 3 cbq(borrow)
        queue p2p_in bandwidth 30% priority 0 cbq(default, rio ,borrow)
nat on $ext_if from $int_if:network to <Ext> tag INT_NAT -> ($ext_if)
block log all
antispoof quick for $int_if
pass in on $int_if from $int_if:network to <Ext> flags S/SAFR keep state queue p2p_in
pass in on $int_if proto tcp from $int_if:network to <Ext> port $std_ports flags S/SAFR keep state queue std_in
pass in on $int_if proto tcp from $int_if:network to <Ext> port $iac_ports flags S/SAFR keep state queue iac_in
pass out on $ext_if from <LH> to <Ext> flags S/SAFR modulate state queue(p2p_out, ack_out)
pass out on $ext_if proto tcp from <LH> to <Ext> port $std_ports flags S/SAFR modulate state queue(std_out, ack_out)
pass out on $ext_if proto tcp from <LH> to <Ext> port ssh flags S/SAFR modulate state queue(std_out, iac_out)
pass out on $ext_if proto tcp from <LH> to <Ext> port $iac_ports flags S/SAFR modulate state queue(iac_out, ack_out)
 
Is there something wrong with this pf.conf?
Help me please.
 
Thanks
dll