Thread: PF-queue
30th August 2009
Oko

I didn't want to open a new topic. I am trying to get better performance out of my laptop with altq. I was wondering if you guys could check out my pf.conf and comment on it.

Best,
OKO


Code:
ext_if="rl0"

tcp_services = "{imap, imaps, pop3s, smtp, 587,\
                               ntp, www, https}"
udp_services= "{ntp, rtsp}"
set require-order yes
set block-policy return
set optimization normal
set skip on lo
set loginterface $ext_if

scrub in all random-id fragment reassemble 
scrub out all random-id fragment reassemble

altq on $ext_if priq bandwidth 256Kb queue { std_out, ssh_im_out, dns_out, \
        tcp_ack_out }
queue std_out     priq(default)
queue ssh_im_out  priority 4 priq(red)
queue dns_out     priority 5
queue tcp_ack_out priority 6

block log all
antispoof quick for { lo $ext_if }
block drop in quick from no-route to any
block drop in quick from urpf-failed to any
block drop in quick on $ext_if from any to 255.255.255.255
block drop in quick on $ext_if from { 10.0.0.0/8, 172.16.0.0/12, \
                          192.168.0.0/16, 255.255.255.255/32 } to any
pass out on $ext_if proto udp to any port $udp_services
pass out on $ext_if proto tcp to any port $tcp_services flags S/SA \
                                     keep state queue(std_out, tcp_ack_out)
pass  out on $ext_if inet proto { tcp udp } from any to any port domain \
        keep state queue dns_out
pass  out on $ext_if inet proto tcp from any to any port {ssh, sftp} \
        flags S/SA keep state queue(std_out, ssh_im_out)

Last edited by Oko; 2nd September 2009 at 03:58 PM.
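An added example, not part of the original post: a Python check that cross-references the queues named on the `altq` line, the `queue` definitions, and the queues the `pass` rules assign, and lists pass rules that name no queue. The function name `audit_queues` and the `SAMPLE` text (trimmed from the pf.conf above) are constructed for illustration, and the parser assumes the old ALTQ syntax used in the post.

```python
import re

# Constructed sample: the altq, queue and pass lines from the post above.
SAMPLE = r'''
altq on $ext_if priq bandwidth 256Kb queue { std_out, ssh_im_out, dns_out, \
        tcp_ack_out }
queue std_out     priq(default)
queue ssh_im_out  priority 4 priq(red)
queue dns_out     priority 5
queue tcp_ack_out priority 6
pass out on $ext_if proto udp to any port $udp_services
pass out on $ext_if proto tcp to any port $tcp_services flags S/SA \
        keep state queue(std_out, tcp_ack_out)
pass out on $ext_if inet proto { tcp udp } from any to any port domain \
        keep state queue dns_out
pass out on $ext_if inet proto tcp from any to any port {ssh, sftp} \
        flags S/SA keep state queue(std_out, ssh_im_out)
'''

def audit_queues(conf):
    """Cross-check altq queue declarations against the queues pass rules use."""
    # Join backslash continuations and drop comments before matching rules.
    text = re.sub(r'\\\n', ' ', conf)
    rules = [l.split('#')[0].strip() for l in text.splitlines()]
    declared, prio, default, unqueued, used = set(), {}, None, [], set()
    for r in filter(None, rules):
        if r.startswith('altq '):
            m = re.search(r'queue\s*\{([^}]*)\}', r)
            declared |= set(re.findall(r'\w+', m.group(1))) if m else set()
        elif r.startswith('queue '):
            name = r.split()[1]
            p = re.search(r'priority\s+(\d+)', r)
            prio[name] = int(p.group(1)) if p else 1  # pf's default priority is 1
            if re.search(r'\(\s*[^)]*\bdefault\b', r):
                default = name
        elif r.startswith('pass '):
            # Matches both "queue name" and "queue(name, ack_name)".
            q = re.search(r'\bqueue\s*\(?\s*(\w+)(?:\s*,\s*(\w+))?', r)
            if q:
                used |= {g for g in q.groups() if g}
            else:
                unqueued.append(r)  # no queue named: traffic lands in the default queue
    return {'default': default, 'priority': prio, 'unqueued': unqueued,
            'undeclared': sorted(used - declared),
            'undefined': sorted(declared - set(prio)),
            'unused': sorted(declared - used - {default})}
```

Run against the sample, the only finding is the UDP rule for `$udp_services`, which names no queue and so shares `std_out` at the default priority of 1.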