Hi, I'm sharing a connection and I'm trying to set aside bandwidth for some users. Here is the pftop -v queue log:

QUEUE        BANDW  SCH   PRIO  PKTS   BYTES  DROP_P  DROP_B  QLEN  BORROW  SUSPENDS  P/S  B/S
std_out             priq         350   55249       0
dns_out             priq     4     6     464       0
games_out           priq     5   461   25566       0
ssh_out             priq     6     0       0       0
tcp_ack_out         priq     7     0       0       0
root_xl0     10M    cbq      0   657  104572       0
std_in       7M     cbq          657  104572       0
luke_in      1M     cbq            0       0       0
pete_in      1M     cbq            0       0       0
nick_in      1M     cbq            0       0       0

As you can see, the priq outbound queues work, but I can't get the cbq to work for inbound connections. All connections just go to the default queue. Here is my pf.conf. Love to hear your thoughts, I've tried everything!

# cat /etc/pf.conf
# macros
int_if = "xl0"
ext_if = "xl1"
tcp_services = "{ 22, 113, 5050, 443, 80 }"
udp_services = "{ 443, 5050 }"
icmp_types = "echoreq"
priv_nets = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }"
luke = "192.168.0.15"
nick = "192.168.0.49"
pete = "192.168.0.20"
myth = "192.168.0.253"
obsd = "192.168.0.250"
games = "{ 6112:6119, 4711, 29900:29901, 1024:1124, 1500:4999, 27900, 28910, 16567, 55123:55125, 27910, 27960, 4000, 27020:27050, 1200, 27000:27015 }"

# options
set block-policy return
set loginterface $ext_if
set optimization aggressive

# scrub
scrub in all
scrub out on $ext_if all random-id

#prioritization
#outbound
altq on $ext_if priq bandwidth 10Mb queue { std_out, web_req, dns_out, games_out, ssh_out, tcp_ack_out }
queue std_out priq(default)
queue web_req priority 3
queue dns_out priority 4
queue games_out priority 5
queue ssh_out priority 6
queue tcp_ack_out priority 7

#inbound
altq on $int_if cbq bandwidth 10Mb queue { std_in, luke_in, pete_in, nick_in }
queue std_in bandwidth 70% cbq(default borrow ecn)
queue luke_in bandwidth 10% cbq(borrow ecn)
queue pete_in bandwidth 10% cbq(borrow ecn)
queue nick_in bandwidth 10% cbq(borrow ecn)

# nat/rdr
nat on $ext_if from $int_if:network to any -> ($ext_if) static-port
rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021
rdr on $int_if proto tcp from any to any port www -> 127.0.0.1 port 3128
rdr on $ext_if proto { tcp, udp } from any to any port 443 -> $int_if port 22
rdr on $ext_if proto { tcp, udp } from any to any port www -> $myth port www

# filter rules
block log all
pass quick on lo0 all

#stop spoofing
block drop in quick on $ext_if from $priv_nets to any
block drop out quick on $ext_if from any to $priv_nets

#pass rules
pass in on $ext_if proto tcp from port 20 to ($ext_if) user proxy flags S/SA keep state
pass in on $ext_if proto tcp from any to any port $tcp_services modulate state flags S/SA
pass in on $ext_if proto udp from any to any port $udp_services keep state

#allow icmp
pass in inet proto icmp all icmp-type $icmp_types keep state

#allow all traffic to and from lan
pass in on $int_if from $int_if:network to any keep state
pass out on $int_if from any to $int_if:network keep state
pass out on $int_if from any to $luke keep state queue luke_in
pass out on $int_if from any to $pete keep state queue pete_in
pass out on $int_if from any to $nick keep state queue nick_in

#let internal traffic access external using queues defined above
pass out on $ext_if proto tcp all modulate state flags S/SA queue (std_out, tcp_ack_out)
pass out on $ext_if proto { udp, icmp } all keep state queue std_out
pass out on $ext_if proto tcp from any to any port www modulate state queue web_req
pass out on $ext_if proto { tcp udp } from any to any port domain keep state queue dns_out
pass out on $ext_if proto { tcp udp } from any to any port $games keep state queue games_out
pass out on $ext_if proto tcp from any to any port ssh modulate state queue ssh_out
pass out on $ext_if proto esp all keep state