pf state tracking??
Olaf de Bree
odebree at gmail.com
Fri Apr 24 00:45:09 UTC 2015
Hi all,
I'm hoping someone can help me with an issue I have with pf and TOS
matching.
I wish to assign TOS-marked reply packets to an altq queue, but I find that
when using the keep state option on a rule, reply traffic is not inspected
and queued correctly because pf has a state for the request.
Queuing should be performed outbound on the inside INT.
E.g.
Client ----NO TOS----> Inside INT (PF) Outside INT ------------------------->Internet
       <-------------------------------TOS MARKED---------------------------------
It works correctly when using no state, but I would like to keep state so I
may also use dummynet pipes, a patch from the pfSense project.
Working
pass out on em0 inet from any to <beam50143> tos 0x60 no state label "USER_RULE: Normal Beam 501 CVC 43" queue q50143n
Not working
pass out on em0 inet from any to <beam50143> tos 0x60 keep state label "USER_RULE: Normal Beam 501 CVC 43" queue q50143n
Is there any way to override pf's behaviour to inspect the reply traffic
and classify it correctly?
Thanks in advance
Olaf