Thanks for your response Paul (and Andrew). I had read this doc and if this is straight forward then I am clearly missing something (it would not be the first time ;). I can't see how to get individual child queues, each of 128Kbps for each active IP address on the inside with out defining them all in the pf.conf (in this case 1024 child queues). All the examples show static assignment of address blocks or ports to predefined queues.
what we want to do is to allow throttled access to the Internet from our wireless network while allowing full speed access to the campus network. And we want the throttling to be on a per user basis not on an aggregate basis. ipfw does this by having a (src|dst)mask parameter which essentially creates a new queue for each unique value of the address & mask. Cheers, Russell Paul Matlock wrote: > On Fri, 2007-31-08 at 13:17 +1200, Russell Fulton wrote: > >> Hi Folks >> >> We have a requirement where we want to limit each IP address to a set >> bandwidth. To be explicit we have a wireless network which is connected >> to our main network and the Internet through a firewall. We have things >> set up so that each user on the wireless network can send no more than >> 128Kb to the Internet while having unthrottled access to the campus network. >> >> Currently we are doing this with ipfw under freebsd and I would like to >> move this over to pf but I can't see any way of setting up "dynamic" >> queues. >> > > > This should be rather trivial to do, check out the pf doc > > http://www.openbsd.org/faq/pf/queueing.html > > > -Paul > >
