What, has everyone gone on holiday? haha.
I'm really baffled by this. I was hoping that one of the more experienced OpenBSD users would be able to comment, as his/her knowledge of OpenBSD's inner workings might help. It seems really odd that neither the sample commands from OpenBSD's FAQ nor mine will work, and I am starting to think there might be more going on than just my PF syntax.
ANY help would be greatly appreciated.
Updated pf.conf; also keep in mind that lines may not be exact, and you should look at my comments ("line 30 is....") for reference.
Code:
#Interfaces
ext_if="fxp0"
int_if="fxp1"
#Options
set require-order yes
set block-policy drop
set loginterface $ext_if
set state-policy if-bound
set fingerprints "/etc/pf.os"
set ruleset-optimization none
#Timeout Settings
set optimization aggressive
set timeout { frag 10, tcp.established 3600 }
set timeout { tcp.first 30, tcp.closing 10, tcp.closed 10, tcp.finwait 10 }
set timeout { udp.first 30, udp.single 30, udp.multiple 30 }
set timeout { other.first 30, other.single 30, other.multiple 30 }
set timeout { adaptive.start 5000, adaptive.end 10000 }
#Connection Normalization
scrub on $ext_if all random-id min-ttl 254 max-mss 1452 reassemble tcp fragment reassemble
#Queuing ALTQ
#Upload assumed approx 80kb or 640Kb, queued approx 94%
altq on $ext_if cbq bandwidth 600Kb queue { tos, voip, dns, ssh, webftp, bitt, general }
queue tos bandwidth 20% priority 7 cbq (borrow red) { ack, ssh_login }
queue ack bandwidth 90% cbq (borrow red)
queue ssh_login bandwidth 10% cbq (borrow red)
queue voip bandwidth 50% priority 6 cbq (borrow red)
queue dns bandwidth 7% priority 5 cbq (borrow red)
queue ssh bandwidth 3% priority 4 cbq (borrow red)
queue webftp bandwidth 5% priority 4 cbq (borrow red)
queue bitt bandwidth 10% priority 2 cbq (borrow red)
queue general bandwidth 5% priority 1 cbq (borrow red default)
pass out quick on $ext_if inet proto udp from any to any port 5060 keep state queue (voip, ack)
pass out quick on $ext_if inet proto udp from any to any port domain keep state queue (dns, ack)
pass out quick on $ext_if inet proto tcp from any to any port ssh modulate state queue (ssh, ssh_login)
pass out quick on $ext_if inet proto tcp from any to any port 10050 modulate state queue (bitt, ack)
pass out quick on $ext_if inet proto { tcp, udp } from any to any keep state queue (general, ack)
pass in
pass out
Thanks!
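Before loading a ruleset like the one above, `pfctl -nf /etc/pf.conf` will reject the ALTQ block if the child queue percentages exceed the parent, a queue is referenced but never declared, or no queue is marked `default`. The following is an added pre-flight checker for exactly those three mistakes, not code from the post or from OpenBSD; it assumes percent bandwidths on every child queue (as in the posted config) and uses a constructed, trimmed sample in the same shape.

```python
import re

# Constructed sample in the shape of the posted ruleset (a trimmed stand-in, not the poster's file).
SAMPLE_PF_CONF = """\
altq on fxp0 cbq bandwidth 600Kb queue { tos, voip, general }
queue tos bandwidth 20% priority 7 cbq (borrow red) { ack, ssh_login }
queue ack bandwidth 90% cbq (borrow red)
queue ssh_login bandwidth 10% cbq (borrow red)
queue voip bandwidth 50% priority 6 cbq (borrow red)
queue general bandwidth 30% priority 1 cbq (borrow red default)
pass out quick on fxp0 inet proto udp to port 5060 keep state queue (voip, ack)
"""
ALTQ_RE = re.compile(r"^altq\s+on\s+\S+.*\bqueue\s*\{([^}]*)\}")
QUEUE_RE = re.compile(r"^queue\s+(\w+)\s+bandwidth\s+(\d+)%.*?(\{([^}]*)\})?\s*$")
REF_RE = re.compile(r"\bqueue\s*\(\s*([^)]*)\)")   # queue (q1, q2) on pass rules

def names(csv):
    return [q.strip() for q in csv.split(",") if q.strip()]

def lint_altq(conf):
    """Return the consistency problems pfctl would reject; an empty list means none found.
    Assumes percent bandwidths on every child queue, as in the post."""
    children, declared, defaults, refs = {}, {}, [], []   # "altq" is the root parent
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()             # drop comments
        if m := ALTQ_RE.match(line):
            children["altq"] = names(m.group(1))
        elif m := QUEUE_RE.match(line):
            name, pct, _, kids = m.groups()
            declared[name] = int(pct)
            if kids:
                children[name] = names(kids)
            if re.search(r"\bdefault\b", line):
                defaults.append(name)
        elif line.startswith("pass") and (m := REF_RE.search(line)):
            refs.extend(names(m.group(1)))
    problems = []
    for parent, kids in children.items():
        problems += [f"queue {k} listed under {parent} but never declared" for k in kids if k not in declared]
        total = sum(declared.get(k, 0) for k in kids)
        if total > 100:   # cbq: children may not claim more than the parent's bandwidth
            problems.append(f"children of {parent} claim {total}% (> 100%)")
    problems += [f"rule references undefined queue {q}" for q in refs if q not in declared]
    if len(defaults) != 1:   # pfctl requires exactly one default queue
        problems.append(f"expected exactly one default queue, found {len(defaults)}")
    return problems
```

Run it over the real file with `lint_altq(open("/etc/pf.conf").read())`; a clean result still needs to be confirmed with `pfctl -nf`, since this checker only covers the queue tree, not the rest of the grammar.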