On 1/23/08 6:28 AM, Jeff Santos wrote:
I would like to setup PF so that, whenever an initial voip flow was
detetcted, all other non relevant traffic would be blocked, and normal
packet flow being restored only after some voip idleness be detected.
Can it be done? Can someone give some ideas of how?
I'm not sure about quenching non-VoIP traffic; maybe someone else knows
the answer on that.
How you detect a VoIP flow may also be an issue. If your VoIP traffic
uses SIP, you can classify the signaling traffic on 5060/udp -- but then
the voice or video traffic will use RTP/RTCP and some ephemeral port
chosen during call setup.
This isn't necessarily a show-stopper, but you'll need to use some other
classification criterion such as IP address or VLAN interface for the
media traffic. (Since it's common practice to put VoIP on a separate
VLAN and/or IP subnet, you may already be doing this -- then, just
prioritize any traffic from that VLAN or subnet, regardless of whether
it's signaling or media stuff.)
Asterisk optionally can use IAX2 and send both signaling and media
traffic over 4569/udp.
(If anyone has a method for RTP/RTCP awareness in pf -- including the
ability to set up and tear down rules for the call duration -- please
share it!)
dn
