[FUG-BR] pf and queues
Nenhum_de_Nos
matheusber at gmail.com
Saturday April 26 20:13:57 BRT 2008
hail,
I'm struggling with pf here :(
basically I want to organize the upload and download queues.
here is the file:
altq on $ext_if bandwidth 291Kb hfsc queue { ack_dns, ack_ssh, ack_msn, ack_http, ack_bolo, ack_jogos }
# queue ack bandwidth 50% priority 7 qlimit 500 hfsc (realtime 35%)
queue ack_dns bandwidth 7% priority 7 qlimit 500 hfsc (realtime 5%)
queue ack_ssh bandwidth 10% priority 6 qlimit 500 hfsc (realtime 20%) {ssh_bulk, ssh_login}
# queue ssh_login bandwidth 90% priority 5 qlimit 500 hfsc
# queue ssh_bulk bandwidth 10% priority 4 qlimit 500 hfsc
# Games!
queue ack_jogos bandwidth 20% priority 5 qlimit 500 hfsc (realtime 20%)
queue ack_msn bandwidth 10% priority 4 qlimit 500 hfsc (realtime 5%)
queue ack_http bandwidth 40% priority 3 qlimit 500 hfsc (realtime 20%)
queue ack_bolo bandwidth 13% priority 2 qlimit 500 hfsc (upperlimit 50% default)
altq on $int_if bandwidth 980Kb hfsc queue { http, ssh, dns, msn, bolo, jogos }
# Queues: http, p2p, ssh, dns, msn, bolo
queue dns bandwidth 7% priority 7 qlimit 500 hfsc (realtime 5%)
queue ssh bandwidth 10% priority 6 qlimit 500 hfsc (realtime 10%)
queue msn bandwidth 5% priority 5 qlimit 500 hfsc (realtime 5%)
queue http bandwidth 50% priority 4 qlimit 500 hfsc (realtime 35%)
queue jogos bandwidth 10% priority 3 qlimit 500 hfsc (realtime 10%)
queue bolo bandwidth 18% priority 2 qlimit 500 hfsc (realtime 5% default)
block log quick from <chatos_ssh>
antispoof log quick for ($ext_if) inet
block in on $ext_if all
pass in on $ext_if inet proto { tcp, udp } from any to any port $portas keep state
pass in on $ext_if inet proto tcp from any to any port $portas_ssh keep state \
(max-src-conn-rate 4/60 overload <chatos_ssh> flush global)
#pass out on $ext_if from any to any keep state queue (ack_bolo, bolo)
pass out on $ext_if proto { tcp, udp } from any to any port $portas_msn keep state queue (ack_msn, msn)
pass out log on $ext_if proto { tcp, udp } from any to any port $portas_http keep state queue (ack_http, http)
pass out on $ext_if proto { tcp, udp } from any to any port $portas_jogos keep state queue (ack_jogos, jogos)
pass out on $ext_if proto { tcp, udp } from any to any port 53 keep state queue (ack_dns, dns)
pass out on $ext_if proto tcp from any to any port 22 keep state queue (ack_ssh, ssh)
pass in on $int_if all
pass out on $int_if all
I also added this to see if it would fix it, with ext_if and int_if:
pass out on $ext_if proto { tcp, udp } from any port $portas_msn to any keep state queue (msn, ack_msn)
pass out log on $ext_if proto { tcp, udp } from any port $portas_http to any keep state queue (http, ack_http)
pass out on $ext_if proto { tcp, udp } from any port $portas_jogos to any keep state queue (jogos, ack_jogos)
pass out on $ext_if proto { tcp, udp } from any port 53 to any keep state queue (dns, ack_dns)
pass out on $ext_if proto tcp from any port 22 to any keep state queue (ssh, ack_ssh)
if anyone can help :)
I used logs to check whether it was really hitting the rule, and it is:
20:13:51.465162 IP 18971016029.user.veloxzone.com.br.63270 > pub2.kernel.org.http: S 2607697054:2607697054(0) win 5840 <mss 1460,sackOK,timestamp[|tcp]>
but when the file is downloaded, the queue in use is the generic one :(
thanks in advance :)
yes, this is a PII 333MHz with FreeBSD 6.3-p2, if that helps :)
matheus
--
We will call you cygnus,
The God of balance you shall be