Hi Folks
We have been using pf on our campus firewall for many years now and
are now looking at adding some queueing.
I know that one can only queue on the outbound interface. We want to
queue traffic in both directions so we have to have two queues one on
the external interface to queue outbound traffic and one on the
internal interface to queue the incoming traffic. So far so good.
What has me a little confused is how best to handle sessions with state.
we have a rule:
pass out quick on $ext_if from <unlimited> to any keep state queue
unlimited_out
where unimited_out is defined as applying to $ext_if.
We have defined a queue unlimited_in on $int_if but what is the best
way to assign the traffic to it?
After reading the docs I conclude that I should change the state
policy to if_bound and add
pass out quick on $int_if from <unlimited> to any modulate state
queue unlimited_out
Is this the best way to do it?
Thanks, Russell