Annotation of src/share/pf/faq-example2, Revision 1.2
1.2 ! henning 1: # $OpenBSD: faq-example2,v 1.1 2003/08/02 18:25:49 henning Exp $
1.1 henning 2:
3: #
4: # Small, Home Network
1.2 ! henning 5: # http://www.openbsd.org/faq/pf/queueing.html#example1
1.1 henning 6: #
7:
8:
9: # enable queueing on the external interface (fxp0) to control traffic going
10: # to the Internet. use the priq scheduler, which controls only priorities and
11: # not per-queue bandwidth. set the total bandwidth to 610Kbps to get the best
12: # performance out of the TCP ACK queue.
13: # NOTE(review): presumably 610Kb is just under the real uplink rate, so packets queue here and not in the modem; confirm for your link.
14: altq on fxp0 priq bandwidth 610Kb queue { std_out, ssh_im_out, dns_out, \
15: tcp_ack_out }
16:
17: # define the parameters for the child queues.
18: # std_out - the standard queue. any filter rule below that does not
19: # explicitly specify a queue will have its traffic added
20: # to this queue. no priority is given, so it gets pf's default (1 per pf.conf(5); confirm for your release).
21: # ssh_im_out - interactive SSH and various instant message traffic. red enables Random Early Detection on this queue.
22: # dns_out - DNS queries.
23: # tcp_ack_out - TCP ACK packets with no data payload.
24: # priq always serves the highest priority number first (6, then 5, then 4), so sustained traffic in a higher queue can starve std_out.
25: queue std_out priq(default)
26: queue ssh_im_out priority 4 priq(red)
27: queue dns_out priority 5
28: queue tcp_ack_out priority 6
29:
30: # enable queueing on the internal interface (dc0) to control traffic coming in
31: # from the Internet. use the cbq scheduler to control bandwidth. max
32: # bandwidth is 2Mbps.
33: # shaping here acts after packets have already crossed the Internet link: it orders delivery to the LAN but cannot keep a remote sender from filling the downlink.
34: altq on dc0 cbq bandwidth 2Mb queue { std_in, ssh_im_in, dns_in, bob_in }
35:
36: # define the parameters for the child queues.
37: # std_in - the standard queue. any filter rule below that does not
38: # explicitly specify a queue will have its traffic added
39: # to this queue.
40: # ssh_im_in - interactive SSH and various instant message traffic.
41: # dns_in - DNS replies.
42: # bob_in - bandwidth reserved for Bob's workstation. allow him to
43: # borrow: cbq(borrow) lets this queue use spare bandwidth from its parent beyond its own 80Kb.
44: # NOTE(review): only bob_in states a bandwidth; check how your pfctl allocates cbq bandwidth to std_in, ssh_im_in and dns_in when the keyword is omitted.
45: queue std_in cbq(default)
46: queue ssh_im_in priority 4
47: queue dns_in priority 5
48: queue bob_in bandwidth 80Kb cbq(borrow)
49:
50:
51: # ... in the filtering section of pf.conf ...
52: # macros used by the rules below. alice and charlie are defined but not referenced by any rule shown here. the port lists are used only to pick a queue, not to restrict access.
53: alice = "192.168.0.2"
54: bob = "192.168.0.3"
55: charlie = "192.168.0.4"
56: local_net = "192.168.0.0/24"
57: ssh_ports = "{ 22 2022 }"
58: im_ports = "{ 1863 5190 5222 }"
59:
60: # filter rules for fxp0 inbound: default deny. no pass-in rule for fxp0 appears in the rules shown, so only packets matching state created by the outbound keep state rules are let in.
61: block in on fxp0 all
62: # none of the rules below use quick, so the last matching rule decides both the action and the queue; that is why the general rules come first and the port-specific ones after.
63: # filter rules for fxp0 outbound. in queue(a, b) the second queue takes packets with a lowdelay TOS and TCP ACKs with no data payload.
64: block out on fxp0 all # default deny; the pass rules below then allow every tcp, udp and icmp destination, so the port rules only pick a queue
65: pass out on fxp0 inet proto tcp from (fxp0) to any flags S/SA \
66: keep state queue(std_out, tcp_ack_out) # flags S/SA: only a packet with SYN set and ACK clear matches and creates state
67: pass out on fxp0 inet proto { udp icmp } from (fxp0) to any keep state # no queue named: falls into std_out (the default queue)
68: pass out on fxp0 inet proto { tcp udp } from (fxp0) to any port domain \
69: keep state queue dns_out
70: pass out on fxp0 inet proto tcp from (fxp0) to any port $ssh_ports \
71: flags S/SA keep state queue(std_out, ssh_im_out) # bulk SSH data stays in std_out; lowdelay packets and empty ACKs go to ssh_im_out
72: pass out on fxp0 inet proto tcp from (fxp0) to any port $im_ports \
73: flags S/SA keep state queue(ssh_im_out, tcp_ack_out) # NOTE(review): every source is (fxp0), the interface's own address; LAN traffic presumably matches only after a nat rule not shown here -- confirm
74:
75: # filter rules for dc0 inbound: the LAN is trusted. any protocol to any destination, the firewall itself included, is accepted from a $local_net source address.
76: block in on dc0 all
77: pass in on dc0 from $local_net # no keep state here; for Internet-bound traffic state is created by the fxp0 outbound rules
78: # the dc0 outbound rules keep no state and match the source port of returning traffic; they choose a queue and are not the access control. with the rules shown, Internet packets reach dc0 only after matching state on fxp0 (block in on fxp0 all).
79: # filter rules for dc0 outbound. no rule uses quick, so the last match wins: the final rule puts all traffic to $bob in bob_in, including his DNS, SSH and IM replies.
80: block out on dc0 all
81: pass out on dc0 from any to $local_net # no queue named: falls into std_in (the default queue)
82: pass out on dc0 proto { tcp udp } from any port domain to $local_net \
83: queue dns_in
84: pass out on dc0 proto tcp from any port $ssh_ports to $local_net \
85: queue(std_in, ssh_im_in)
86: pass out on dc0 proto tcp from any port $im_ports to $local_net \
87: queue ssh_im_in
88: pass out on dc0 from any to $bob queue bob_in