Hello,

I was hoping someone could help me out with HFSC and pf. I'm sending my rules (pf.conf) in the body of this message (so anyone can see them). The problem here is that I have a queue rule called emule and a queue rule default, both on $ext_if, and then I have a filter rule for all emule traffic defined by some ports, tcp and udp. I have also tried this same configuration from ports 4000 to 6000 with the same result. I don't know what I'm doing wrong. I believe all my rules are OK, but this is why I'm sending this email: to verify that everything is correct. Hope someone can help me out. Thank you.

Rules:

########################################
#MACROS
########################################
int_if="dc0"
ext_if="rl0"
int_net="192.168.0.0/24"
NoRouteIps="{127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8}"
netbios="{ 137, 138, 139, 81 }"
p2pp="{6891 ,6892, 6893, 6894, 6895, 6896, 6881, 6882, 1214, 4662, 51432}"
casa="{192.168.0.105, 192.168.0.104}"
limite="10Mb"
download="980Kb"
upload="200Kb"
emule="100Kb"
EDKports="{4662, 4661, 4665, 4672}"

#######################################
#SCRUB
######################################
scrub in all

###############################################################
# Traffic control with HFSC
###############################################################
altq on $int_if hfsc bandwidth $limite queue { download }
queue download priority 0 bandwidth 99% hfsc(linkshare 99%) { default, samba, web }
queue default priority 1 bandwidth $download hfsc(realtime 250Kb linkshare 800Kb upperlimit $download default)
queue web priority 4 bandwidth $download qlimit 15 hfsc( realtime 300Kb linkshare 800Kb upperlimit $download )
queue samba priority 3 bandwidth 20% hfsc( realtime 50% linkshare 7Mb upperlimit $limite )

altq on $ext_if hfsc bandwidth $upload queue { upload }
queue upload priority 1 bandwidth $upload hfsc(linkshare $upload) { def, emule }
queue def priority 10 bandwidth 10% qlimit 10 hfsc(realtime 20% linkshare 10% upperlimit $upload default)
queue emule priority 4 bandwidth $emule qlimit 10 hfsc(realtime 10Kb linkshare 20Kb upperlimit $emule)

########################################
#NAT RULES
#######################################
nat on $ext_if from $int_if:network to any -> ($ext_if)

#------------------------------------------------
# Rules for messaging and p2p
#------------------------------------------------
rdr on $ext_if proto tcp from any to any port $p2pp -> $casa
rdr on $ext_if proto udp from any to any port { 4665, 4672 } -> $casa

#########################################
#PACKET FILTERING
#########################################

#------------------------------------------------------------------------
# Block all incoming traffic by default
#------------------------------------------------------------------------
block in all

#----------------------------------------------------
# Shape web traffic ( test )
#----------------------------------------------------
pass quick on $int_if proto tcp from any to any port = 80 keep state queue( web )

#---------------------------------------------
# Let all traffic in and out for loopback
#---------------------------------------------
pass quick on lo0 all

#-----------------------------------
# Anti spoofing protection
#-----------------------------------
antispoof quick for $int_if inet

#---------------------------------------------
# Accept SSH 8080
#---------------------------------------------
pass in quick on $ext_if proto tcp from any to $ext_if port = 8080 flags S/SA

#----------------------------------------------
# Accept connections from LAN
#----------------------------------------------
pass quick on $int_if proto tcp from $int_net to $int_if port = 8080 keep state queue( ssh )
pass in on $int_if from $int_net to any
pass in on $int_if from any to $int_net
pass in quick on $int_if proto {tcp, udp} from any to any port $netbios keep state queue( samba )

#---------------------------------------------------
# Block norouteips
#---------------------------------------------------
block in on $ext_if from $NoRouteIps to any
block out on $ext_if from any to $NoRouteIps

#------------------------------------------------
# P2P and IM
#------------------------------------------------
pass in quick on $ext_if proto tcp from any to $casa port $p2pp
pass in quick on $ext_if proto udp from any to $casa port { 4665, 4672 }
pass out quick on $ext_if proto {tcp, udp} from any to any port $EDKports queue( emule )
pass out quick on $ext_if proto {tcp, udp} from any port $EDKports to any queue( emule )

#---------------------------------------------------
# Block netbios for external interface
#---------------------------------------------------
block in quick on $ext_if proto { tcp, udp } from any to any port $netbios

#--------------------------------------------------
# Let all traffic pass out of the external interface if no rule applies
#--------------------------------------------------
pass out quick on $ext_if keep state