[FUG-BR] pf e filas
Gilberto Villani Brito
linux em giboia.org
Sexta Maio 2 15:30:04 BRT 2008
Tenta usando quick nas regras.
Abraços
--
Gilberto Villani Brito
Support Analyst - IBM
Hortolândia - SP
Brazil
gilbertovb(a)gmail.com
2008/4/26 Nenhum_de_Nos <matheusber at gmail.com>:
> hail,
>
> estou apanhando aqui do pf :(
>
> quero basicamente organizar as filas de subida e descida.
>
> aqui vai o arquivo:
>
> altq on $ext_if bandwidth 291Kb hfsc queue { ack_dns, ack_ssh,
> ack_msn, ack_http, ack_bolo, ack_jogos }
> # queue ack bandwidth 50% priority 7 qlimit 500 hfsc (realtime 35%)
> queue ack_dns bandwidth 7% priority 7 qlimit 500 hfsc (realtime 5%)
> queue ack_ssh bandwidth 10% priority 6 qlimit 500 hfsc
> (realtime 20%) {ssh_bulk, ssh_login}
> # queue ssh_login bandwidth 90% priority 5 qlimit 500 hfsc
> # queue ssh_bulk bandwidth 10% priority 4 qlimit 500 hfsc
> # Jogos !
> queue ack_jogos bandwidth 20% priority 5 qlimit 500 hfsc (realtime 20%)
> queue ack_msn bandwidth 10% priority 4 qlimit 500 hfsc (realtime 5%)
> queue ack_http bandwidth 40% priority 3 qlimit 500 hfsc (realtime 20%)
> queue ack_bolo bandwidth 13% priority 2 qlimit 500 hfsc (upperlimit
> 50% default)
>
> altq on $int_if bandwidth 980Kb hfsc queue { http, ssh, dns, msn, bolo, jogos }
> # Filas: http, p2p, ssh, dns, msn, bolo
> queue dns bandwidth 7% priority 7 qlimit 500 hfsc (realtime 5%)
> queue ssh bandwidth 10% priority 6 qlimit 500 hfsc (realtime 10%)
> queue msn bandwidth 5% priority 5 qlimit 500 hfsc (realtime 5%)
> queue http bandwidth 50% priority 4 qlimit 500 hfsc (realtime 35%)
> queue jogos bandwidth 10% priority 3 qlimit 500 hfsc (realtime 10%)
> queue bolo bandwidth 18% priority 2 qlimit 500 hfsc (realtime 5% default)
>
> block log quick from <chatos_ssh>
>
> antispoof log quick for ($ext_if) inet
> block in on $ext_if all
> pass in on $ext_if inet proto { tcp, udp } from any to any port
> $portas keep state
> pass in on $ext_if inet proto tcp from any to any port $portas_ssh keep state \
> (max-src-conn-rate 4/60 overload <chatos_ssh> flush global)
>
> #pass out on $ext_if from any to any keep state queue (ack_bolo, bolo)
>
> pass out on $ext_if proto { tcp, udp } from any to any port
> $portas_msn keep state queue (ack_msn, msn)
> pass out log on $ext_if proto { tcp, udp } from any to any port
> $portas_http keep state queue (ack_http, http)
> pass out on $ext_if proto { tcp, udp } from any to any port
> $portas_jogos keep state queue (ack_jogos, jogos)
> pass out on $ext_if proto { tcp, udp } from any to any port 53 keep
> state queue (ack_dns, dns)
> pass out on $ext_if proto tcp from any to any port 22 keep state
> queue (ack_ssh, ssh)
>
> pass in on $int_if all
> pass out on $int_if all
>
> coloquei isto tb para ver se resolvia, com ext_if e int_if.:
>
> pass out on $ext_if proto { tcp, udp } from any port $portas_msn to
> any keep state queue (msn, ack_msn)
> pass out log on $ext_if proto { tcp, udp } from any port $portas_http
> to any keep state queue (http, ack_http)
> pass out on $ext_if proto { tcp, udp } from any port $portas_jogos to
> any keep state queue (jogos, ack_jogos)
> pass out on $ext_if proto { tcp, udp } from any port 53 to any keep
> state queue (dns, ack_dns)
> pass out on $ext_if proto tcp from any port 22 to any keep state
> queue (ssh, ack_ssh)
>
> se alguém puder ajudar :)
>
> usei logs para ver se estava mesmo passando pela regra, e está:
>
> 20:13:51.465162 IP 18971016029.user.veloxzone.com.br.63270 >
> pub2.kernel.org.http: S 2607697054:2607697054(0) win 5840 <mss
> 1460,sackOK,timestamp[|tcp]>
>
> mas quando baixa o arquivo a fila em uso é a genérica :(
>
> agradeço antecipadamente :)
>
> sim, isso é um PII 333MHz com FreeBSD 6.3-p2, se ajuda :)
>
> matheus
>
> --
> We will call you cygnus,
> The God of balance you shall be
> -------------------------
> Histórico: http://www.fug.com.br/historico/html/freebsd/
> Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
>
Mais detalhes sobre a lista de discussão freebsd