pf and dummynet
mike tancsa
mike at sentex.net
Mon Jul 29 19:32:38 UTC 2019
On 7/29/2019 2:38 PM, Kristof Provost wrote:
>
> On 29 Jul 2019, at 20:22, mike tancsa wrote:
>
> On 7/29/2019 1:51 PM, Kristof Provost wrote:
>
> Also beware of gotchas with things like IPv6 fragment handling or
> route-to.
>
> I do not consider mixing firewalls to be a supported configuration. If
> it breaks you get to keep the pieces.
>
> Thanks, I was worried about that! Is there a way to get altq to limit
> inbound traffic directed to a server? I would prefer not mixing and
> matching, but I don't see any other way other than going to ipfw which I
> would rather not
>
> I don’t know. I’m not very familiar with altq.
>
> In general I’d expect quality of service and bandwidth limits to only
> be effective in the upstream direction (when going from a fast link to
> a slow one). There’s no good way to limit how much traffic other
> machines send to you.
>
Another problem is that altq doesn't seem to work with all NICs.
Although cxgbe is listed in the man page still
# grep cxl /etc/pf.conf
altq on cxl0 cbq bandwidth 2000Mb queue { zrepl, default }
# pfctl -f /etc/pf.conf
pfctl: cxl0: driver does not support altq
#
# man altq | grep -i cxgb
bce(4), bfe(4), bge(4), bxe(4), cas(4), cxgbe(4), dc(4), de(4), ed(4),
---Mike