I would like to set up PF so that, whenever an initial VoIP flow was
detected, all other non-relevant traffic would be blocked, and normal
packet flow is restored only after some VoIP idleness is detected.
Not exactly sure why you would like to do this part.
With proper QoS set up, it doesn't matter if you have traffic or not with
your VoIP in place already. You give priority to your VoIP traffic and
it will use whatever bandwidth it needs and the rest of the traffic
will be queued or use what's left of the available bandwidth.
Obviously this works well for your side going out as you control one
side of the WAN link and you don't do the incoming traffic, so you can't
stop what's coming to you anyway. However, with proper QoS if you have
big download as an example going on at that time, your side would suffer
some unless you can control both sides of the WAN, which you most likely
do not anyway unless your ISP provides some QoS for that.
So, I guess if for this situation you want to stop the traffic to try to
help your incoming quality? At a minimum, if you set up QoS, then only
you would suffer, not the remote end and as such, if you are doing a
download when you get on a call and that affects you too much, then you
can stop it manually.
Can it be done? Can someone give some ideas of how?
As to how you can do this to detect the VoIP. As previously said to you,
you can see the UDP/5060, but that's the control only. The RTP stream is
most definitely on a different port and going to a remote gateway.
Depending on your VoIP provider, the remote end will always be the same,
or in a series of different gateways unless you have IP to IP calls,
which is not too frequent yet for sure and VoIP peering is not very
popular yet.
So, you can filter on that destination, or much better for sure on the
source IPs as I assume your VoIP device always has the same IPs and
as such, it's easier to detect that stream.
So, you could check for UDP RTP streams from those IPs and all phones can
and are most likely preset with a fixed range of ports that they can use
and if you can find that, then you have all that you need.
Your VoIP provider should definitely be able to tell you the UDP ports
needed for the RTP stream and then that would give you plenty to work with.
Hope this answers your question some anyway.
Best,
Daniel
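A pf.conf fragment illustrating the approach described in the reply above, added here as an example and not taken from the thread: instead of blocking other traffic when a call starts, outbound SIP and RTP from the VoIP device's fixed address are given a guaranteed queue on the WAN link and everything else falls into a default queue. The interface name, addresses and RTP port range are assumed placeholders; the real RTP range comes from the VoIP provider.

```pf
# Constructed example (OpenBSD pf queue syntax); all values are placeholders.
ext_if  = "em0"            # assumed: WAN interface
voip_ip = "192.0.2.10"     # assumed: fixed LAN address of the ATA/phone
sip_gw  = "198.51.100.5"   # assumed: provider's SIP/RTP gateway
# assumed RTP range (ask the provider): 10000-20000/udp

# Root queue a little below the real upstream rate, so packets queue on
# this box (where pf can prioritise them) instead of in the modem buffer.
queue outq on $ext_if bandwidth 950K max 950K
# VoIP gets a guaranteed share; small qlimit keeps latency low.
queue voip parent outq bandwidth 200K min 200K qlimit 50
# Everything else, including big downloads' ACKs, uses what is left.
queue bulk parent outq bandwidth 750K default

# SIP signalling (control only, as the reply notes) from the VoIP device.
pass out on $ext_if inet proto udp from $voip_ip to $sip_gw port 5060 \
    set queue voip
# The RTP media stream: same fixed source, provider's RTP port range.
pass out on $ext_if inet proto udp from $voip_ip to $sip_gw port 10000:20000 \
    set queue voip
# Remaining outbound traffic lands in the default queue.
pass out on $ext_if
```

Check the assignment with `pfctl -vvsq` during a call: the voip queue's packet counters should rise while bulk absorbs the rest.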