Thanks for the fast answer s2scott.
Then, in my conf, are these lines correct:
---
pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto { udp, icmp } all keep state
---
???
I'm asking another time with more precision about these two rules because I've a doubt about need to queue them or not. As you can see, they are not queued...is this correct so?
Another question:
I'm thinking about the code you've let me to know and I've understod why I may add it in my firewall, but I don't understand why I've to queue the rule also at "up_host1" and not only to "up_higest" and I don't understand why it isn't needed also a "dn_higest"...
sorry if my questions can seem "stupid" for you; I've never used a pf altq.
The last question:
"192.168.0.1" is my gateway/router/firewall/server (where OpenBSD runs), where I'm configuring pf...how much band it need if it have "only" to work as apache/vsftpd/cucipop/bind/internalVoipSystem server? 10% is correct or can I reduce the band dedicated to it?
Thanks and thanks
mb.