Rod.. Whitworth wrote:
I have read lots of helpful pf.conf examples that seem to do reasonably complex queueing and that's fine but I am sure there is a simple way to do what I want. No Google lead pointed at someone doing just the task described below. I did STFA here too
In order to demonstrate how slow a webpage looks to a dial-up user (when the browser is behind my pf firewall and there is a 1536/256Kb/s ADSL line to the world) I'd like to be able to reload the pf ruleset with pf.slow which would limit inbound bandwidth by queueing on the internal interface so that e.g. 192.168.1.200 suddenly was restricted to 33 Kb/s and no other LAN host was affected and .200 could not get any more even if all the others were idle.
Here's something I have just tried on a setup with altq:
if="<insert here your internal interface>
altq on if cbq bandwidth 100Mb queue { std, web}
queue std cbq(default)
queue web bandwidth 33Kbpass in quick on $if inet proto tcp from .200 to ($if) port 80 keep state queue web
continue with your regular pf-show.
I have just tested this with my web server that is on the lan. Look at this:
queue web bandwidth 33Kb
[ pkts: 280 bytes: 351151 dropped pkts: 0 bytes: 0 ]
[ qlength: 13/ 50 borrows: 0 suspends: 86 ]
[ measured: 2.6 packets/s, 27.58Kb/s ]
Best, BA
-- Bruno Miguel Afonso Biological Eng. student D.E.Q. @ I.S.T. - Portugal GnuPG Public key: http://dequim.ist.utl.pt/~bruno/gpg
