Hi,
I use a different approach: instead of hardcoding port
numbers for mldonkey and BitTorrent, I run those as a separate
user on my lil' firewall:

altq on $ext_if priq bandwidth 100Kb queue \
        {tcp_ack, ssh_login, other, p2p}
queue tcp_ack   priority 7 priq
queue ssh_login priority 5 priq
queue other     priority 3 priq
queue p2p       priority 1 priq(default)

pass out quick on $ext_if proto tcp from $ext_if to any user p2p \
        keep state queue(p2p, tcp_ack)
pass in  quick on $ext_if proto tcp from any to $ext_if user p2p \
        keep state queue(p2p, tcp_ack)

pass out quick on $ext_if proto tcp from $ext_if to any port ssh \
        keep state queue(other, ssh_login)
pass in  quick on $ext_if proto tcp from any to $ext_if port ssh \
        keep state queue(other, ssh_login)

pass out on $ext_if proto tcp from $ext_if to any \
        keep state queue(other, tcp_ack)
pass in  on $ext_if proto tcp from any to $ext_if \
        keep state queue(other, tcp_ack)

This makes sure you always have a "low id" and "open port"
(using the language of those sites ;-)
And I run the BitTorrent client with non-standard ports
(--minport, --maxport)
Regards
Alex