|
OpenBSD Security Functionally paranoid! |
|
|
|||
Hi Jggimi,
Thanks for your reply. I tried what you have suggested but still only one queue is active.
Thanks |
|
|||
Hi Jggimi,
Thanks for the guidance. I tried the following rules separately. But those didn't activate both queues.
Code:
match out on $ext_if proto {tcp, udp} from $bmpc_wks to any port>=80 queue bmpc
Code:
pass out on $ext_if proto {tcp, udp} from $bmpc_wks to any port>=80 queue bmpc
|
||||
The "pass" rule is not the last that would apply. Unless you use quick, the last matching rule wins, which may be:
Code:
pass out on $ext_if proto {tcp, udp} all keep state
|
|||
Hi Jggimi,
I changed the rules by adding the quick rule. But still one queue is active.
Code:
pass out quick on $ext_if proto {tcp, udp} from $bmpc_wks to any port>=80 queue bmpc
|
||||
Again, I'm going to recommend learning to use tcpdump(8). Mr. Hansteen's The Book of PF gives excellent guidance, and its use is also discussed in his online tutorial.
Last edited by jggimi; 14th September 2017 at 10:02 AM. Reason: typos |
|
|||
Hi Jggimi,
I followed the Book of PF (Third Edition) and tried two methods. Neither of those gave the desired results. Relevant PF files are attached herewith. When I implement both configurations, from LAN, internet is not accessible; only one queue is active (the default queue). Could you point out what mistakes I made in this configuration?
Thanks
Last edited by Amithapr; 22nd November 2017 at 08:27 AM. |
|
||||
I have looked at the first rule set you attached.
Queueing: your "set queue" rules are pass rules located among your queue rules, before the comment line: "#****** THIS IS WHERE THE RULES BEGIN ******". Queue settings are not sticky when used in pass rules, and unless quick is used with pass, the last matching rule wins. Without looking very far, I can see rules that will match the same traffic and override your earlier pass rules that set queue. You might consider using match rules to set queues, or use the quick option.
Blocked traffic: Your general block rule is on inbound traffic. No outbound traffic is blocked except for IGMP. Did you enable the packet forwarding sysctl? If no, this is the root cause. If yes, then either simplify your rule set, or enable logging on each rule and use tcpdump(8). |
|
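The evaluation order described in the replies above (last matching pass rule wins, quick stops evaluation, match rules make the queue assignment sticky) can be checked with a small model. This is an added example, not code from the thread or from pf itself. The address, the default queue name "std" and the three rule lists are constructed, and the model ignores interface, protocol, state and address translation.

```python
# Simplified model of pf rule evaluation (added example; not pf's own code).
from dataclasses import dataclass
from typing import Optional

BMPC = "192.168.1.10"  # constructed stand-in for $bmpc_wks


@dataclass
class Rule:
    action: str                  # "pass", "block" or "match"
    src: Optional[str] = None    # None = any source
    min_port: int = 0            # matches destination port >= min_port
    queue: Optional[str] = None  # queue assigned by this rule, if any
    quick: bool = False

    def matches(self, src: str, dport: int) -> bool:
        return self.src in (None, src) and dport >= self.min_port


def evaluate(rules, src, dport, default_queue="std"):
    """Return (action, queue) for one outbound packet."""
    action, rule_queue, sticky_queue = "pass", None, None
    for r in rules:
        if not r.matches(src, dport):
            continue
        if r.action == "match":
            # match never decides pass/block; its queue applies on every match
            sticky_queue = r.queue or sticky_queue
            continue
        # pass/block: only the last matching rule's own settings survive
        action, rule_queue = r.action, r.queue
        if r.quick:
            break  # quick ends evaluation at this rule
    return action, rule_queue or sticky_queue or default_queue


# Models: pass out on $ext_if proto {tcp, udp} all keep state
CATCH_ALL = Rule("pass")
AS_POSTED = [Rule("pass", BMPC, 80, "bmpc"), CATCH_ALL]
WITH_MATCH = [Rule("match", BMPC, 80, "bmpc"), CATCH_ALL]
WITH_QUICK = [Rule("pass", BMPC, 80, "bmpc", quick=True), CATCH_ALL]

if __name__ == "__main__":
    for name, rules in [("as posted", AS_POSTED), ("match", WITH_MATCH),
                        ("quick", WITH_QUICK)]:
        print(f"{name:10} -> {evaluate(rules, BMPC, 443)}")
```

In the model, the later catch-all pass rule carries no queue of its own, so the "as posted" ordering lands the workstation's traffic in the default queue.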
|||
Hi Jggimi,
Thanks for the information. I will try what you have suggested. |