Hi all, I've got the following pf.conf file for limiting bittorrent connections and providing higher priority to a game server. While the latter works wonderfully, the bittorrent connections seem to spill over into the normal queue and it's driving me crazy.
My /etc/pf.conf file is as follows:

set skip on lo

# Setting some constants
prio_port = "{ 22 53 5900 }"
shiori = "192.168.2.241/32"
chechemaru = "192.168.2.251/32"
wired_if = "rl0"
wlan_if = "ath0"
hi_bw = "33Mb"
norm_bw = "20Mb"
lo_bw = "178415b"

altq on $wired_if cbq bandwidth 54Mb queue { wired_hi, wired_norm, wired_lo }
queue wired_hi bandwidth $hi_bw priority 2
queue wired_norm bandwidth $norm_bw cbq(default) priority 3
queue wired_lo bandwidth $lo_bw priority 4

altq on $wlan_if cbq bandwidth 54Mb queue { wlan_hi, wlan_norm, wlan_lo }
queue wlan_hi bandwidth $hi_bw priority 2
queue wlan_norm bandwidth $norm_bw cbq(default) priority 3
queue wlan_lo bandwidth $lo_bw priority 4

# SSH and DNS traffic as well
pass out quick on $wired_if proto { tcp udp } to any port $prio_port \
        queue wired_hi
pass out quick on $wired_if proto { tcp udp } from any port $prio_port \
        queue wired_hi
pass out quick on $wlan_if proto { tcp udp } to any port $prio_port \
        queue wlan_hi
pass out quick on $wlan_if proto { tcp udp } from any port $prio_port \
        queue wlan_hi

#High priority to Shiori
pass out quick on $wired_if to $shiori queue wired_hi
pass out quick on $wlan_if from $shiori queue wlan_hi

#Low priority and limiting to Chechemaru
#NOTE: BT connections are bidirectional, hence the seemingly \
#redundant rules
pass out quick on $wired_if to $chechemaru queue wired_lo
pass out quick on $wired_if from $chechemaru queue wired_lo
pass out quick on $wlan_if to $chechemaru queue wlan_lo
pass out quick on $wlan_if from $chechemaru queue wlan_lo

# Everything else gets normal priority
# pass out quick on $wired_if queue wired_norm

#pass
block in on ! lo0 proto tcp to port 6000:6010

A typical output from pftop shows the contents of http://paste2.org/p/596043 - notice the upstream going crazy. Unfortunately pfTop hasn't been updated to take advantage of the changes to pf, so it refuses to display the rules.
I'd do it myself if I had a better understanding of how pf worked within, but I'm not quite at that stage yet.

A very hard cluestick is greatly appreciated, to go along with the concussion I am suffering from banging my head on the desk.

Regards
--
Aaron Mason - Programmer, open source addict
I've taken my software vows - for beta or for worse