Return? All it does is -flag the state-, so that packets, in -any- direction, are assigned to the "ssh" queue. It is up to your altq rules to determine what to do with that queue.
See my example in post #3, above, where I limit my kid to 6Mb worth of -inbound- $external_nic inbound use, by limiting what goes -outbound- to his workstation on the $internal_nic.
As Michael Lucas so eloquently described in his book, Absolute OpenBSD, think of PF as sitting on the CPU. Packets come in to the computer, through a NIC, and are given to PF to manage. PF can only shape traffic then goes outbound, through a NIC. The same NIC, or a different NIC, and where those packets are going make no difference.
|