DaemonForums  

23rd July 2008
RudiK
Port Guard
 
Join Date: May 2008
Posts: 10
ALTQ Question regarding

Hello,

I am running a FBSD 7 firewall @ home connected to a DSL line which I share with my wife.

One of the main problems that I have encountered is that when my wife surfs the internet, my online gaming screeches to a halt until the page has loaded, and by that time I've been pwned.

I was thinking about using ALTQ to prioritize the traffic, and after checking out Daniel Hartmeier's page on "Prioritizing empty TCP ACKs" (http://www.benzedrine.cx/ackpri.html) I came up with a variation of his rule set.

Code:
ext_if="tun0"

cod_ports = "{28960:29000}"

altq on $ext_if priq bandwidth 400Kb queue { q_pri, q_def, q_cod, q_domain, q_ssh }

queue q_pri priority 10
queue q_cod priority 9
queue q_domain priority 8
queue q_ssh priority 7
queue q_def priority 1 priq(default)

pass out on $ext_if proto tcp from $ext_if to any flags S/SA keep state queue (q_def, q_pri)
pass in  on $ext_if proto tcp from any to $ext_if flags S/SA keep state queue (q_def, q_pri)

pass out on $ext_if proto udp from $ext_if to any port $cod_ports modulate state queue q_cod
pass in  on $ext_if proto udp from any to $ext_if port $cod_ports modulate state queue q_cod

pass out on $ext_if proto tcp from $ext_if to any port domain flags S/SA keep state queue q_domain
pass in  on $ext_if proto tcp from any to $ext_if port domain flags S/SA  keep state queue q_domain

pass out on $ext_if proto udp from $ext_if to any port domain modulate state queue q_domain
pass in  on $ext_if proto udp from any to $ext_if port domain modulate state queue q_domain

pass out on $ext_if proto tcp from $ext_if to any port ssh flags S/SA keep state queue q_ssh
pass in  on $ext_if proto tcp from any to $ext_if port ssh flags S/SA  keep state queue q_ssh

I have two questions:

1) Can you specify a range of ports in a macro e.g. cod_ports = "{28960:29000}"?
2) Will the rest of the priority queues even come into play or will the first priority queue override the rest?

Thanks