matheus, It is the order. The fist queue is for bulk packets and the second is for ack packets.
Daniel Hartmeier has a detailed page with examples that may make this clearer. Prioritizing empty TCP ACKs with pf and ALTQ http://www.benzedrine.cx/ackpri.html -- Calomel @ http://calomel.org On Sat, Oct 06, 2007 at 12:36:42AM -0300, Nenhum_de_Nos wrote: >On 10/5/07, Calomel <[EMAIL PROTECTED]> wrote: >> padilla, >> >> Perhaps if you take a step back and look at an example of pf everything >> might make more sense. It might help if you had a working pf.conf to learn >> from and a basic explanation of what each part of pf does. >> >> OpenBSD Pf Firewall "how to" ( pf.conf ) >> http://calomel.org/pf_config.html >> >> This example might be more than you really wanted for your machine, but it >> should point you in the right direction for a secure nat'ed firewall. When >> you become more fluent in pf, I have included a few of the more useful >> options in the same example. If you have any questions I would be happy to >> help. >> >> -- >> Calomel @ http://calomel.org > >hi, > >i read the reffered link and this as well > >http://calomel.org/pf_hfsc.html > >but if you let me, I do have a question. when you say: >pass out on $ExtIf inet proto tcp from ($ExtIf) to any flags S/SA >modulate state queue (bulk, ack) >pass out on $ExtIf inet proto tcp from ($ExtIf) to any port ssh flags >S/SA modulate state queue (ssh_bulk, ssh_login) > >The first rule is passing out bulk traffic on the external interface >and prioritizing ack packets. The second rule is passing out data on >port 22(ssh) and prioritizing the interactive ssh traffic. This >traffic is originating on our internal network or on the firewall >itself. > >you say the two queues are bound to that rule in that line ? I never >got 100% this bindings from queues and rules. how will pf know that in >the first rule, it will treat ack packets differente from bulk ones ? >thats my main doubt ... > >is the order (bulk,ack) that does it ? or anything with the flags >(S/SA) ? I really never got the mechanics of this ... > >if anyone could explain, > >thanks, > >matheus >-- >We will call you cygnus, >The God of balance you shall be
