Ingress traffic shaping

2010-05-20 Thread Spenst, Aleksej
Hi All, If I understand it correctly, ingress traffic shaping is not possible with pf/altq. Are there any tricks to do it? I suppose that if incoming traffic is sent out by the router further to the LAN, the incoming traffic can be considered as outcoming traffic and therefore can be easily s

AW: Ingress traffic shaping

2010-05-20 Thread Spenst, Aleksej
oming ACK packet when the TCP download session is over, but no incoming data packets). Thanks for any help! Aleksej. ____ From: shoks [mailto:lowbots...@gmail.com] Sent: Friday, 21 May 2010 04:46 To: Spenst, Aleksej Cc: freebsd-pf@freebsd.org Subject: Re: Ingress tr

Re: Ingress traffic shaping

2010-05-20 Thread Spenst, Aleksej
-Original Message- From: Raymond Sent: Thursday, 20 May 2010 16:29 To: Spenst, Aleksej Subject: Re: Ingress traffic shaping On 5/20/2010 04:18, Spenst, Aleksej wrote: > If I understand it correctly, ingress traffic shaping is not possible with > pf/altq. > Are

route-to with altq problem

2010-06-16 Thread Spenst, Aleksej
Hi all, I have the problem that after redirecting the packets with 'route-to' keyword to the external interface $ext_if, the packets are not queued at $ext_if but directly go out. The problem is that I have configured queues (ALTQ) at $ext_if to make prioritization of traffic, but queues are

AW: route-to with altq problem

2010-06-16 Thread Spenst, Aleksej
5 queue q5 keep state > >-Original Message- >From: owner-freebsd...@freebsd.org >[mailto:owner-freebsd...@freebsd.org] On behalf of Spenst, Aleksej >Sent: Wednesday, 16 June 2010 18:29 >To: 'freebsd-pf@freebsd.org' >Subject: route-to with altq problem > >

AW: route-to with altq problem

2010-06-17 Thread Spenst, Aleksej
out on lo0 route-to $ext_if tagged PRIQ5 keep state queue q5 Where the queue q5 belongs to $ext_if and not to lo0, which was not very clear to me before... >-Original Message- >From: owner-freebsd...@freebsd.org >[mailto:owner-freebsd...@freebsd.org] On behalf of

For better security: always "block all" or "block in all" is enough?

2010-07-28 Thread Spenst, Aleksej
Hi All, I have to provide for my system better security and I guess it would be better to start pf.conf with the "block all" rule opening afterwards only those incoming and outcoming ports that are supposed to be used by the system on external interfaces. However, it would be easier for me to w

why ALTQ must be supported by interface drivers?

2010-12-22 Thread Spenst, Aleksej
Hi All, at what network level is ALTQ (QoS) implemented? At the IP level or at the driver level? I would think that all queuing functionality is probably working at the IP level and should not depend on underlying interfaces. Is that correct? If this is true, I don't understand why ALTQ must

AW: why ALTQ must be supported by interface drivers?

2010-12-23 Thread Spenst, Aleksej
information. Thanks, Aleksej. >-Original Message- >From: Ricky Charlet [mailto:rchar...@adaranet.com] >Sent: Wednesday, 22 December 2010 17:55 >To: Spenst, Aleksej; 'freebsd-pf@freebsd.org' >Subject: RE: why ALTQ must be supported by interface drivers? >

How to block HTTP packets going to 0.0.0.0 via proxy

2011-10-07 Thread Spenst, Aleksej
Hi, my browser goes online via proxy. So, when I type http://0.0.0.0 in my browser I see in wireshark the following: Source Destination Protocol Info 172.16.102.100 172.16.2.17 HTTP GET http://0.0.0.0/ HTTP/1.1 T

AW: How to block HTTP packets going to 0.0.0.0 via proxy

2011-10-07 Thread Spenst, Aleksej
er 2011 17:24 To: Spenst, Aleksej Cc: freebsd-pf@freebsd.org Subject: Re: How to block HTTP packets going to 0.0.0.0 via proxy On Fri, Oct 7, 2011 at 5:11 PM, Spenst, Aleksej wrote: > Hi, > > my browser goes online via proxy. > So, when I type http://0.0.0.0 in my browser I see in w

"keep state" does not work

2014-07-01 Thread Spenst, Aleksej
Hi All, I have a problem that when I use the rules with "keep state" my use case does not work. When I use two rules "pass out" and "pass in" (instead of one "pass out" rule with keep state) then everything works. These rules work fine: pass out quick on wfd0 proto tcp from (self) to 172.16.22

Fragmented packets are not redirected

2014-10-14 Thread Spenst, Aleksej
Hi All, I have one problem with redirection of the fragmented packets. My use case: A mobile phone sends the RTP video stream to my server. The server has the pf installed. All RTP packets are redirected from the server to my PC: |Mobile|-->---RTP>-|Server|--->---RTP--->-|PC

AW: Fragmented packets are not redirected

2014-10-14 Thread Spenst, Aleksej
ej. -Original Message- From: Kristof Provost [mailto:kris...@sigsegv.be] Sent: Tuesday, 14 October 2014 15:57 To: Spenst, Aleksej Cc: freebsd-pf@freebsd.org Subject: Re: Fragmented packets are not redirected On 2014-10-14 09:33:44 (+), Spenst, Aleksej wrote: > It is clea

AW: Fragmented packets are not redirected

2014-10-17 Thread Spenst, Aleksej
g"/"log-all" keyword and pflog0 interface. Is this debug level some other kind of debugging? When I write the option "set debug none" in the pf.conf, I still can see all packets logged at the pflog0 interface. So, is it something different? Thanks! Aleksej. -Ur

How to block IP range

2014-10-27 Thread Spenst, Aleksej
Hi All, Is there any syntax to block a certain IP range? For example, I need to block only 100 IPs in the range: 10.0.0.1-10.0.0.100 I can't use the netmask like "block on eth0 from 10.0.0/24" since this will block 256 addresses. I don't want also to write all IPs separated by comma like "block o

AW: How to block IP range

2014-10-27 Thread Spenst, Aleksej
; is it a typo? I got the error: "sh: jot: cannot execute - No such file or directory" Thanks, Aleksej. -Original Message- From: Cristiano Deana [mailto:cristiano.de...@gmail.com] Sent: Monday, 27 October 2014 17:31 To: Gary Palmer Cc: Spenst, Aleksej; freebsd-pf

AW: How to block IP range

2014-10-28 Thread Spenst, Aleksej
rag von Adam McDougall Sent: Monday, 27 October 2014 17:53 To: freebsd-pf@freebsd.org Subject: Re: How to block IP range On 10/27/2014 12:11, Spenst, Aleksej wrote: > Hi All, > > Is there any syntax to block a certain IP range? > For example, I need to block only 100 IPs in the