i am facing problems using hfsc with PF.
pfctl -f /etc/pf.conf
pfctl: the sum of the child bandwidth higher than parent "root_fxp0"
pfctl: linkshare sc exceeds parent's sc
/etc/pf.conf:21: errors in queue definition
pfctl: Syntax error in config file: pf rules not loaded
althoug my pf.conf looks like this ..
intif="epic0"
intnet="10.0.0.0/16"
extif="fxp0"
extad="192.168.0.2"
intad="10.0.0.1"
chadd="10.0.0.1"
servers="10.0.0.2, 10.0.0.3, 10.0.0.4, 10.0.0.5, 10.0.0.6"
mailserver="10.0.0.2"
vip="10.0.4.8"
ports = "21 22 25 53 80 110 119 123 143 443 465 554 900 995 1755 1863 1999 3000
3020 2020 3389 5000 5001 5050 5100 5190 6667 11999"
allif="{$extif, intif}"
table <allowedclients> persist file "/etc/allowedclients"
table <blockedclients> persist file "/etc/blockedclients"
table <servers> persist file "/etc/servers"
scrub in all
altq on $extif hfsc bandwidth 512Kb queue { www, msn, https, smtp, def }
queue www bandwidth 20%
queue msn bandwidth 20%
queue https bandwidth 20%
queue smtp bandwidth 20%
queue def hfsc(default)
nat on $extif inet proto {icmp, tcp, udp } from <servers> to any -> $extad
nat on $extif inet proto {tcp, udp } from <allowedclients> to any port \
{ $ports } -> $extad
rdr on $intif proto tcp from <allowedclients> to any port 80 -> $chadd port 8080
rdr on $extif proto tcp from any to $extad port 110 -> $mailserver port 110
rdr on $extif proto tcp from any to $extad port 25 -> $mailserver port 25
rdr on $extif proto tcp from any to $extad port 4661 -> $vip port 4661
rdr on $extif proto udp from any to $extad port 4672 -> $vip port 4672
rdr on $extif proto tcp from any to $extad port 80 -> $mailserver port 80
rdr on $intif proto tcp from any to $intad port 80 -> $mailserver port 80
pass out on $extif inet proto { tcp, udp } from <allowedclients> to any port { $
ports }
pass out on $extif inet proto { tcp, udp } from $vip to any
pass in on extif proto tcp from <allowedclients> to any port msn queue msn
pass in on extif proto tcp from <allowedclients> to any port www queue https
pass in on extif proto tcp from <allowedclients> to any port www queue www
pass in on extif proto tcp from <allowedclients> to any port smtp queue smtp
pass out on extif inet proto udp from any to <allowedclients> port msn queue msn
pass out on extif inet proto udp from any to <allowedclients> port www queue \
https
pass out on extif inet proto udp from any to <allowedclients> port www queue www
pass out on extif inet proto udp from any to <allowedclients> port smtp queue \
smtp
do you see anything wrong with this ? is there a bug in this ?
regards
*:$., 88,.$:*(((*$ Stingray *:$., 88,.$:*((*$
