again Argentina
gus
gus at clacso.edu.ar
Mon May 29 15:09:41 PDT 2006
Peter
Thanks very much for the link..
Here my new file pf.conf
==================================================
ext_if="xl0" # replace with actual external interface name i.e., dc0
internal_net="168.96.200.0/24"
table <lan> { 168.96.200.9, 168.96.200.8, 168.96.200.54, 168.96.200.196 }
table <badboys> { 168.96.200.57, 168.96.200.87, 168.96.200.36 }
altq on $ext_if cbq bandwidth 1Mb queue { def, ftp, udp, http, ssh, \
icmp, lan, badboys }
queue def bandwidth 15% cbq (default borrow red)
queue ftp bandwidth 15% cbq (borrow red)
queue udp bandwidth 38% cbq (borrow red)
queue http bandwidth 10% cbq (borrow red)
#queue ssh bandwidth 20% cbq (borrow red) { ssh_interactive, ssh_bulk }
#queue ssh_interactive priority 7
#queue ssh_bulk priority 0
queue icmp bandwidth 2% cbq
queue lan bandwidth 10% priority 4 cbq (borrow red)
queue badboys bandwidth 10% priority 4 cbq (borrow red)
#pass log quick on $ext_if proto tcp from any to any port 22 flags S/SA \
keep state queue (ssh_bulk, ssh_interactive)
pass in quick on $ext_if proto tcp from any to any port 20 flags S/SA \
keep state queue ftp
pass in quick on $ext_if proto tcp from any to any port 80 flags S/SA \
keep state queue http
pass out on $ext_if proto udp all keep state queue udp
pass out on $ext_if proto icmp all keep state queue icmp
But
Don't run to 10% under http.
Run to 60k ...
Could you help me!!!
More information about the freebsd-pf
mailing list