Try using quick in the rules.

Regards,

--
Gilberto Villani Brito
Support Analyst - IBM
Hortolândia - SP
Brazil
gilbertovb(a)gmail.com

2008/4/26 Nenhum_de_Nos <[EMAIL PROTECTED]>:
> hail,
>
> I'm struggling with pf here :(
>
> basically I want to organize the upload and download queues.
>
> here is the file:
>
> altq on $ext_if bandwidth 291Kb hfsc queue { ack_dns, ack_ssh, ack_msn, ack_http, ack_bolo, ack_jogos }
> # queue ack bandwidth 50% priority 7 qlimit 500 hfsc (realtime 35%)
> queue ack_dns bandwidth 7% priority 7 qlimit 500 hfsc (realtime 5%)
> queue ack_ssh bandwidth 10% priority 6 qlimit 500 hfsc (realtime 20%) {ssh_bulk, ssh_login}
> # queue ssh_login bandwidth 90% priority 5 qlimit 500 hfsc
> # queue ssh_bulk bandwidth 10% priority 4 qlimit 500 hfsc
> # Games!
> queue ack_jogos bandwidth 20% priority 5 qlimit 500 hfsc (realtime 20%)
> queue ack_msn bandwidth 10% priority 4 qlimit 500 hfsc (realtime 5%)
> queue ack_http bandwidth 40% priority 3 qlimit 500 hfsc (realtime 20%)
> queue ack_bolo bandwidth 13% priority 2 qlimit 500 hfsc (upperlimit 50% default)
>
> altq on $int_if bandwidth 980Kb hfsc queue { http, ssh, dns, msn, bolo, jogos }
> # Queues: http, p2p, ssh, dns, msn, bolo
> queue dns bandwidth 7% priority 7 qlimit 500 hfsc (realtime 5%)
> queue ssh bandwidth 10% priority 6 qlimit 500 hfsc (realtime 10%)
> queue msn bandwidth 5% priority 5 qlimit 500 hfsc (realtime 5%)
> queue http bandwidth 50% priority 4 qlimit 500 hfsc (realtime 35%)
> queue jogos bandwidth 10% priority 3 qlimit 500 hfsc (realtime 10%)
> queue bolo bandwidth 18% priority 2 qlimit 500 hfsc (realtime 5% default)
>
> block log quick from <chatos_ssh>
>
> antispoof log quick for ($ext_if) inet
> block in on $ext_if all
> pass in on $ext_if inet proto { tcp, udp } from any to any port $portas keep state
> pass in on $ext_if inet proto tcp from any to any port $portas_ssh keep state \
>     (max-src-conn-rate 4/60 overload <chatos_ssh> flush global)
>
> #pass out on $ext_if from any to any keep state queue (ack_bolo, bolo)
>
> pass out on $ext_if proto { tcp, udp } from any to any port $portas_msn keep state queue (ack_msn, msn)
> pass out log on $ext_if proto { tcp, udp } from any to any port $portas_http keep state queue (ack_http, http)
> pass out on $ext_if proto { tcp, udp } from any to any port $portas_jogos keep state queue (ack_jogos, jogos)
> pass out on $ext_if proto { tcp, udp } from any to any port 53 keep state queue (ack_dns, dns)
> pass out on $ext_if proto tcp from any to any port 22 keep state queue (ack_ssh, ssh)
>
> pass in on $int_if all
> pass out on $int_if all
>
> I also added this to see if it would solve it, with ext_if and int_if:
>
> pass out on $ext_if proto { tcp, udp } from any port $portas_msn to any keep state queue (msn, ack_msn)
> pass out log on $ext_if proto { tcp, udp } from any port $portas_http to any keep state queue (http, ack_http)
> pass out on $ext_if proto { tcp, udp } from any port $portas_jogos to any keep state queue (jogos, ack_jogos)
> pass out on $ext_if proto { tcp, udp } from any port 53 to any keep state queue (dns, ack_dns)
> pass out on $ext_if proto tcp from any port 22 to any keep state queue (ssh, ack_ssh)
>
> if anyone can help :)
>
> I used logs to check whether it was really passing through the rule, and it is:
>
> 20:13:51.465162 IP 18971016029.user.veloxzone.com.br.63270 > pub2.kernel.org.http: S 2607697054:2607697054(0) win 5840 <mss 1460,sackOK,timestamp[|tcp]>
>
> but when the file downloads, the queue in use is the generic one :(
>
> thanks in advance :)
>
> yes, this is a PII 333MHz with FreeBSD 6.3-p2, if that helps :)
>
> matheus
>
> --
> We will call you cygnus,
> The God of balance you shall be
> -------------------------
> Archive: http://www.fug.com.br/historico/html/freebsd/
> Unsubscribe: https://www.fug.com.br/mailman/listinfo/freebsd