I forgot to note that, for those of you 1) using pf as a gateway
firewall and 2) using an asymmetrical line (e.g. DSL) for Internet
access, you can prioritize ACKs to gain a more responsive connection
under heavy load (commonly, BT) just like on an IOS-based router.
Here's some basic pf config to accomplish this:
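
    ext_if="bfe0"

    # priq: strict priority queueing; the higher priority is served first
    altq on $ext_if priq bandwidth 350Kb queue { q_pri, q_def }
    queue q_pri priority 7
    queue q_def priority 1 priq(default)

    # With two queues listed, the second (q_pri) is used for TCP ACKs
    # with no data payload and for packets with TOS lowdelay
    pass out on $ext_if proto tcp from $ext_if to any flags S/SA \
        keep state queue (q_def, q_pri)
    pass in on $ext_if proto tcp from any to $ext_if flags S/SA \
        keep state queue (q_def, q_pri)
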
Note that I used 350Kb instead of the actual 384Kb on a 1.5Mbps ADSL
line, as PPPoE adds some overhead to the line. Adjust this value and
the interface macro to taste. Serve chilled. Makes 4 servings.
--
If UNIX doesn't have the solution you have the wrong problem.
UNIX is simple, but it takes a genius to understand its simplicity.
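
Added example, not part of the original post: a small model of the 350Kb uplink that compares how long bare ACKs wait behind an upload backlog in a single queue versus the strict-priority q_pri/q_def split above. The packet sizes, backlog depth and ACK arrival rate are constructed assumptions, and the non-preemptive scheduler is a simplification of priq.

```python
from collections import deque

UPLINK_BPS = 350_000   # altq bandwidth from the post (350Kb)
DATA_BYTES = 1500      # assumed: full-size upload packet
ACK_BYTES = 40         # assumed: bare TCP ACK, IP + TCP headers only


def tx_time(nbytes):
    """Seconds needed to serialize nbytes onto the uplink."""
    return nbytes * 8 / UPLINK_BPS


def mean_ack_delay(prioritize_acks, backlog=30, acks=20, ack_interval=0.010):
    """Mean delay (s) from an ACK reaching the gateway to leaving the uplink.

    Constructed scenario: `backlog` upload packets are already queued at
    t=0 and `acks` bare ACKs arrive one every `ack_interval` seconds.
    """
    q_def = deque(("data", 0.0) for _ in range(backlog))
    q_pri = deque()
    arrivals = deque(i * ack_interval for i in range(acks))
    now, delays = 0.0, []
    while q_def or q_pri or arrivals:
        # Enqueue every ACK that has arrived by now.
        while arrivals and arrivals[0] <= now:
            target = q_pri if prioritize_acks else q_def
            target.append(("ack", arrivals.popleft()))
        if not (q_def or q_pri):
            now = arrivals[0]          # link idle: jump to the next arrival
            continue
        # Strict priority, non-preemptive: q_pri is always drained first.
        kind, arrived = (q_pri or q_def).popleft()
        now += tx_time(ACK_BYTES if kind == "ack" else DATA_BYTES)
        if kind == "ack":
            delays.append(now - arrived)
    return sum(delays) / len(delays)


if __name__ == "__main__":
    print("single queue:  %.3f s" % mean_ack_delay(False))
    print("ACKs in q_pri: %.3f s" % mean_ack_delay(True))
```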