PF Upgrade to 5.8

[Roedy]

Hi,

I have upgraded my router from a freebsd to Openbsd 5.8 with the new PF. Before i used priq which worked quite well. Sadly I am unable to make the new PF configuration work the same way. I hope someone here can point me in the right direction. Below is my configuration:

Code:

INT="vmx0"
EXT="vmx1"
localnet = $INT:network

nas="192.168.1.3"

table <dummies> persist
table <temporary> persist file "/etc/pf/pf_temporary"
table <blocked> persist file "/etc/pf/pf_blocked"
table <spammers> persist file "/etc/pf/pf_spammers"

# Block everything unless otherwise allowed, and queue any state that
# packet might flow into the slow class unless otherwise requeued.
block in log on $EXT
block in log quick from <dummies>
block in log quick from <spammers>
block in log quick from <blocked>
pass quick on lo0 all

match out on $EXT from $localnet to any nat-to $EXT

#allow in some basic services
pass in on $EXT inet proto icmp icmp-type echoreq set prio (5, 6)

# ssh
pass log quick proto tcp from <temporary> to $EXT port ssh flags S/SA keep state \
         (max-src-conn 20, max-src-conn-rate 5/60, \
                 overload <blocked> flush global) set prio (6, 7)

pass quick proto tcp from any to $EXT port ssh flags S/SA keep state \
         (max-src-conn 20, max-src-conn-rate 5/60, \
                 overload <dummies> flush global) set prio (6, 7)

# Skype
pass in on $EXT proto {tcp udp} to port 25601 rdr-to 192.168.1.7 set prio (6, 7)

#Torrent
pass in on $EXT proto {tcp udp} to port {51413} rdr-to $nas set prio (1, 2)


# Pass out rules
pass out quick on $EXT inet proto icmp set prio (6, 7)
pass out quick on $EXT proto {tcp udp} to port {22} set prio (6, 7)
pass out quick on $EXT proto {tcp udp} to port {53} set prio (6, 7)
pass out quick on $EXT proto {tcp udp} to port {123} set prio (6, 7)
pass out quick on $EXT proto {tcp udp} to port {23, 4500, 706, 1863, 5050, 5190, 5222, 6667, 9987} set prio (5, 6)
pass out quick on $EXT proto {tcp udp} to port {25, 80, 443, 8080, 2401, 10838, 18000} set prio (4, 5)

# DotA
pass out quick on $EXT proto {tcp udp} to port {27015:28999} set prio (4, 5)

#torrent
pass out quick on $EXT proto {tcp udp} from port {51413} set prio (1, 2)

# Pass out everything else
pass out quick on $EXT set prio (3, 4)

[jggimi]

Hello, and welcome.

There was a long (and sometimes heated) discussion about priority and queueing on the misc@ mailing list at the beginning of the year. This post may be the most informative.

http://marc.info/?l=openbsd-misc&m=145257356119612&w=2

[Roedy]

Thank you very much for your excellent help. That gave me the answer to my problem. I have temporarily installed an OpenBSD 5.4 with the previous pf, which seems to fix my issue. Thanks again!