ALTQ and shaping an existing session

Rajkumar S rajkumars at gmail.com
Wed Aug 27 11:20:03 UTC 2008


Hi,

I have configured pf/altq to shape traffic in my FreeBSD box. Rule
fragments are as below.

altq on rl0 cbq bandwidth 512Kb queue { lanRoot }
altq on rl1 cbq bandwidth 512Kb queue { wanRoot }

queue lanRoot bandwidth 512Kb cbq { lanStd , lanBad }
queue lanStd bandwidth 400Kb cbq (default)
queue lanBad bandwidth 112Kb cbq #(default)

queue wanRoot bandwidth 512Kb cbq { wanStd , wanBad }
queue wanStd bandwidth 450Kb cbq (default)
queue wanBad bandwidth 62Kb cbq #(default)

pass out quick on $lan from any to any keep state
pass in quick on $lan from <badguys> to any keep state queue lanBad
pass in quick on $lan from any to any keep state

pass out quick on $ext_if from any to any keep state
pass in quick on $ext_if from any to <badguys> keep state queue wanBad
pass in quick on $ext_if from any to any keep state

IPs are added to <badguys> by an external program based on bandwidth.
The problem is that even when a new IP is added to or removed from
<badguys>, already existing sessions from the newly added IP continue
to have the previous shaping configuration. All new sessions are shaped as
expected. I have tried rules without "keep state", but results are the
same. Is this the expected behavior of pf? Can the shaping be
performed for existing sessions also when an IP is added to <badguys>?

with regards,

raj
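
Added example, not part of the original post: pf takes the queue from the rule that created a state, so a change to <badguys> only affects connections whose state is created afterwards. The shell functions below update the table and then kill the host's states with `pfctl -k` so they are re-created under the current rules; the function names and the `PFCTL`/`TABLE` variables are assumptions of this example, and it handles IPv4 only.

```shell
#!/bin/sh
# Added example: move a host into or out of the <badguys> table and drop its
# existing pf states so its traffic is re-matched against the current rules.
# PFCTL and TABLE are overridable; PFCTL="echo pfctl" gives a dry run.
PFCTL="${PFCTL:-pfctl}"
TABLE="${TABLE:-badguys}"

# Accept only a dotted-quad IPv4 address with each octet in 0..255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# reshape_host add|delete IPV4
# Usage after sourcing this file: reshape_host add 192.0.2.10
reshape_host() {
    action=$1 ip=$2
    case "$action" in
        add|delete) ;;
        *) echo "usage: reshape_host add|delete IPV4" >&2; return 2 ;;
    esac
    valid_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 2; }

    # 1. Update the table first so re-created states pick the right queue.
    $PFCTL -t "$TABLE" -T "$action" "$ip" || return 1
    # 2. Kill states originating from the host (created by the $lan rules).
    $PFCTL -k "$ip" || return 1
    # 3. Kill states from any source to the host (created by the $ext_if rules).
    $PFCTL -k 0.0.0.0/0 -k "$ip" || return 1
}
```

Killing a state interrupts the connection it tracked; whether that connection resumes depends on whether the rule set creates state for non-SYN packets.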

