Old 1st September 2017
jggimi
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,983

Quote:
Originally Posted by Amithapr
1) Implementing QOS ( if I can get a link which describes CBQ and PRIQ with examples it is much appreciated. )
You are asking about traffic shaping, or traffic queueing. OpenBSD replaced the ALTQ queueing system you were using, starting at 5.5. The replacement includes an always-on priority queuing mechanism, and queues for bandwidth management. These are both discussed in the pf.conf(5) man page, but the best resource will be Peter Hansteen's The Book of PF.

Peter also has an online tutorial, but it is not as detailed as his book.
Quote:
2) Could I restrict some sites ex: facebook totally ?
If a site has a known single IP address or small set of fixed IP addresses, yes. But you cannot do this with Facebook, Google, or other large services which have ever-changing, massive pools of IP addresses.
Quote:
3) Could I control access to some sites like FB by implementing a schedule on PF ?
Per my answer above, not with Facebook. But yes, the cron(8) subsystem allows you to schedule the execution of commands and you can change portions of your ruleset with PF anchors, or you could replace the entire ruleset, and you can kill active states as well with pfctl(8) and its -K/-k options. The cron(8) subsystem is fully described in its main man page and the SEE ALSO man pages. PF anchors are described in the PF User's Guide and in Peter's book and tutorial.
Quote:
4) Could I implement an IPS on my latest OpenBSD firewall?
Not at this time. Snort is available as a package, but on OpenBSD it is implemented as an IDS rather than an IPS, because it is not integrated with PF. Suricata is another IDS/IPS but at the moment it is only a work in progress for OpenBSD, and my guess is if it is successfully ported it will be as an IDS only.
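The cron(8) plus anchor approach from the answer to question 3, written out as an added example that is not part of the original post or of OpenBSD's own tooling. The anchor name "schedule", the LAN range, the placeholder site addresses, the rule file path, the script path and the 09:00 to 17:00 weekday window are all assumptions; it only applies to a site with fixed addresses, as the answer says.

```shell
#!/bin/sh
# Added example, not from the post: put a site with fixed addresses behind a
# PF anchor and let cron(8) load and flush that anchor on a schedule.
# Assumes /etc/pf.conf already contains the line:  anchor "schedule"
# The anchor name, LAN range, addresses, paths and times are all constructed.
ANCHOR="schedule"
LAN="192.168.1.0/24"
BLOCKED="203.0.113.10 203.0.113.11"      # placeholder site addresses
RULEFILE="/etc/pf.$ANCHOR.conf"
SCRIPT="/usr/local/sbin/sched-block.sh"  # where this script is assumed to live

# Ruleset loaded into the anchor: a table of the site's addresses and a
# quick block rule for traffic from the LAN to them.
anchor_rules() {
    printf 'table <blocked> { %s }\n' "$1"
    printf 'block drop quick log from %s to <blocked>\n' "$2"
}

# pfctl(8) commands for each phase. "start" loads the anchor and then
# kills states already open from the LAN to each blocked host, so
# connections established before the schedule began also drop.
# "stop" flushes only the anchor's rules; the main ruleset is untouched.
pfctl_cmds() {
    case "$1" in
    start)
        echo "pfctl -a $ANCHOR -f $RULEFILE"
        for host in $BLOCKED; do
            echo "pfctl -k $LAN -k $host"
        done ;;
    stop)
        echo "pfctl -a $ANCHOR -F rules" ;;
    *)
        return 1 ;;
    esac
}

# crontab(5) lines: block 09:00-17:00 on weekdays, unblock afterwards.
crontab_lines() {
    echo "0 9 * * 1-5 $SCRIPT start"
    echo "0 17 * * 1-5 $SCRIPT stop"
}

case "${1:-}" in
start|stop)
    anchor_rules "$BLOCKED" "$LAN" > "$RULEFILE"
    pfctl_cmds "$1" | sh ;;      # run as root from cron
rules) anchor_rules "$BLOCKED" "$LAN" ;;
cron)  crontab_lines ;;
esac
```

Running it with `rules` or `cron` only prints what would be loaded or scheduled, which is a convenient way to review the generated anchor and crontab entries before installing them.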