Hi,
I have upgraded my router from FreeBSD to OpenBSD 5.8 with the new PF. Before, I used priq, which worked quite well. Sadly, I am unable to make the new PF configuration work the same way. I hope someone here can point me in the right direction. Below is my configuration:
Code:
INT="vmx0"
EXT="vmx1"
localnet = $INT:network
nas="192.168.1.3"
table <dummies> persist
table <temporary> persist file "/etc/pf/pf_temporary"
table <blocked> persist file "/etc/pf/pf_blocked"
table <spammers> persist file "/etc/pf/pf_spammers"
# Block everything inbound on the external interface unless a pass rule
# below allows it; drop traffic from the blacklist tables on any interface.
block in log on $EXT
block in log quick from <dummies>
block in log quick from <spammers>
block in log quick from <blocked>
pass quick on lo0 all
# Source-NAT LAN traffic leaving the external interface
match out on $EXT from $localnet to any nat-to $EXT
# Allow in some basic services.
# set prio (a, b): a is the priority for normal packets, b is used for
# empty TCP ACKs and packets with the lowdelay TOS bit (7 is highest).
pass in on $EXT inet proto icmp icmp-type echoreq set prio (5, 6)
# SSH: hosts in <temporary> are logged and rate-limited into <blocked>,
# everyone else is rate-limited into <dummies>. More than 20 concurrent
# connections or 5 new ones per minute from one source triggers the
# overload, and "flush global" kills that source's existing states.
pass log quick proto tcp from <temporary> to $EXT port ssh flags S/SA keep state \
(max-src-conn 20, max-src-conn-rate 5/60, \
overload <blocked> flush global) set prio (6, 7)
pass quick proto tcp from any to $EXT port ssh flags S/SA keep state \
(max-src-conn 20, max-src-conn-rate 5/60, \
overload <dummies> flush global) set prio (6, 7)
# Skype
pass in on $EXT proto {tcp udp} to port 25601 rdr-to 192.168.1.7 set prio (6, 7)
#Torrent
pass in on $EXT proto {tcp udp} to port {51413} rdr-to $nas set prio (1, 2)
# Pass out rules
pass out quick on $EXT inet proto icmp set prio (6, 7)
pass out quick on $EXT proto {tcp udp} to port {22} set prio (6, 7)
pass out quick on $EXT proto {tcp udp} to port {53} set prio (6, 7)
pass out quick on $EXT proto {tcp udp} to port {123} set prio (6, 7)
pass out quick on $EXT proto {tcp udp} to port {23, 4500, 706, 1863, 5050, 5190, 5222, 6667, 9987} set prio (5, 6)
pass out quick on $EXT proto {tcp udp} to port {25, 80, 443, 8080, 2401, 10838, 18000} set prio (4, 5)
# DotA
pass out quick on $EXT proto {tcp udp} to port {27015:28999} set prio (4, 5)
# Torrent uploads (lowest priority)
pass out quick on $EXT proto {tcp udp} from port {51413} set prio (1, 2)
# Pass out everything else
pass out quick on $EXT set prio (3, 4)
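One thing worth knowing about `set prio` on its own: it only reorders packets in the interface's transmit queue, and that queue only backs up when the interface itself is saturated. A gigabit vmx1 in front of a slower uplink never saturates, so the priorities are never exercised, which is the usual reason a converted priq ruleset appears to do nothing. In the old ALTQ priq setup the `bandwidth` on the queue made the router the bottleneck; on OpenBSD 5.5 and later the equivalent is a `queue` tree with a `max` just below the real upstream rate, with rules assigning traffic via `set queue`. The fragment below is an added example, not the poster's configuration: the 20M uplink rate, the queue names (rootq, interactive, std, bulk) and all the min/max figures are assumptions to be replaced with the real link speed, and the port groups mirror the high-priority ports from the post above.

```pf
# Added example (not the poster's config). The uplink rate (20M), the queue
# names and the min/max figures are assumptions. Set the root 'max'
# slightly below the real upstream rate so that this router, not the modem,
# is the bottleneck and actually has packets to prioritise.
EXT="vmx1"
nas="192.168.1.3"

# Root queue on the external interface, capped at the assumed uplink rate.
queue rootq on $EXT bandwidth 20M max 20M
# Interactive/control traffic: guaranteed 2M, may borrow up to the full link
# and burst briefly above its share.
queue interactive parent rootq bandwidth 4M min 2M max 20M burst 8M for 200ms
# Ordinary traffic; 'default' catches anything no rule assigns explicitly.
queue std parent rootq bandwidth 12M max 20M default
# Bulk (torrent) traffic: no guarantee and hard-capped so it cannot starve
# the other queues even when nothing else is using the link.
queue bulk parent rootq bandwidth 4M max 10M

# Assign traffic to queues. As with set prio, the second queue in the pair
# receives empty TCP ACKs and lowdelay-TOS packets, which keeps downloads
# responsive while the upload direction is full.
pass out on $EXT proto {tcp udp} to port {22 53 123} set queue interactive
# Filter rules see the pre-NAT source address, so matching the NAS
# directly works even though nat-to rewrites it on the way out.
pass out on $EXT from $nas set queue (bulk, interactive)
pass out on $EXT set queue (std, interactive)
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading, then watch `systat queues` (or `pfctl -vs queue`) while saturating the upload: the bulk queue should hit its cap while the interactive queue's drops stay at zero. If the root queue never shows queued packets, the `max` is still above the real link speed and needs to come down.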