On 10/5/07, Calomel <[EMAIL PROTECTED]> wrote:
> padilla,
>
> Perhaps if you take a step back and look at an example of pf everything
> might make more sense. It might help if you had a working pf.conf to learn
> from and a basic explanation of what each part of pf does.
>
>    OpenBSD Pf Firewall "how to" ( pf.conf )
>    http://calomel.org/pf_config.html
>
> This example might be more than you really wanted for your machine, but it
> should point you in the right direction for a secure nat'ed firewall. When
> you become more fluent in pf, I have included a few of the more useful
> options in the same example. If you have any questions I would be happy to
> help.
>
> --
>  Calomel @ http://calomel.org

hi,

I read the referred link and this as well

http://calomel.org/pf_hfsc.html

but if you let me, I do have a question. when you say:
pass out on $ExtIf inet proto tcp from ($ExtIf) to any flags S/SA modulate state queue (bulk, ack)
pass out on $ExtIf inet proto tcp from ($ExtIf) to any port ssh flags S/SA modulate state queue (ssh_bulk, ssh_login)

The first rule is passing out bulk traffic on the external interface
and prioritizing ack packets. The second rule is passing out data on
port 22(ssh) and prioritizing the interactive ssh traffic. This
traffic is originating on our internal network or on the firewall
itself.

you say the two queues are bound to that rule in that line ? I never
got 100% these bindings between queues and rules. how will pf know that in
the first rule, it will treat ack packets differently from bulk ones ?
that's my main doubt ...

is the order (bulk,ack) that does it ? or anything with the flags
(S/SA) ? I really never got the mechanics of this ...

if anyone could explain,

thanks,

matheus
-- 
We will call you cygnus,
The God of balance you shall be
