queueing on incoming or outgoing?
I can't completely understand how traffic shaping works. Some examples:
In https://chibug.org/talks/2016-10-05-jimh-pf_queuing.pdf there is the sentence:
Pass rules: incoming (my preference) or no direction specified
and also the example:
pass in on em0 proto tcp to port {80,443} set queue http
So how does this "incoming" declared traffic shaping work? For some (incoming) TCP connection (applied in rules), should outgoing traffic be limited by queueing? Or something else?
|
|||
Yes, I know, we can only shape traffic when packets are outbound and leaving; that is a general rule for each and every router device (not only BSD).
But how to apply this on pf? So, for an IP packet from LAN to Internet, we set:
pass in on $int_if proto...... to..... set queue gueueLANtoINTERNET
and this packet from LAN to Internet will be queued on $ext_if when it leaves the device?
|
||||
See the QUEUING section of the pf.conf(5) man page. It includes both setting up queues with queue statements, and then applying queue names to pass rules with set queue options.
Last edited by jggimi; 2nd November 2017 at 10:06 AM. Reason: typo
|
||||
Also, yes, you can set a queue name on an inbound traffic rule; the queue name will apply to the state, if state is established, and therefore to any outbound traffic for that state. It just won't have any effect on the inbound traffic, since that cannot be queued.
There is an example showing pass in rules in the pf.conf(5) man page where the set queue option is defined.
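The arrangement discussed in this thread, as an added pf.conf fragment that is not from any of the posts or from the man page. The interface names, bandwidth figures and the queue names http and std are assumptions, and only the lines relevant to queueing are shown; the rest of the filter ruleset is omitted.

```pf
# Added example: interface names and bandwidths below are assumed values.
ext_if = "em0"    # Internet-facing interface (assumed)
int_if = "em1"    # LAN-facing interface (assumed)

# Queues are defined on the interface where the packets LEAVE the router.
# For LAN -> Internet traffic that is $ext_if, so this shapes the upload
# direction only.
queue rootq on $ext_if bandwidth 20M max 20M
queue  http parent rootq bandwidth 15M
queue  std  parent rootq bandwidth 5M default

# The rule is evaluated when the packet ENTERS on $int_if. Nothing is
# queued at that point: the rule only assigns the queue name, which is
# also recorded in the state created for the connection.
pass in on $int_if proto tcp to port { 80, 443 } set queue http

# When the same packet later leaves on $ext_if, the queue named "http"
# exists on that interface, so the packet is scheduled there.
# Replies coming back from the Internet leave on $int_if; no queue is
# defined on $int_if in this fragment, so they are not shaped.
```

The file can be parsed without loading it using pfctl -nf /etc/pf.conf, and pfctl -vs queue shows per-queue counters once it is loaded, which confirms which queue the traffic actually lands in.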