-----------------
# pfctl -sq
queue root_sis1 bandwidth 10Mb priority 0 {qWANRoot}
queue qWANRoot bandwidth 768Kb priority 6 {qWANdef, qWANacks, qVOIPUp}
queue qWANdef bandwidth 7.68Kb priority 3 hfsc( default realtime(76.80Kb 1
76.80Kb) linkshare(0 b 1000 76.80Kb) upperlimit(768Kb 100 691.20Kb) )
queue qWANacks bandwidth 7.68Kb priority 6 hfsc( realtime(76.80Kb 1
76.80Kb) linkshare(0 b 1000 76.80Kb) upperlimit(614.40Kb 1 614.40Kb) )
queue qVOIPUp bandwidth 7.68Kb priority 7 hfsc( red ecn realtime(256Kb 1
256Kb) linkshare(0 b 1000 76.80Kb) upperlimit(256Kb 1 256Kb) )
queue root_sis0 bandwidth 100Mb priority 0 {qLANRoot}
queue qLANRoot bandwidth 1.50Mb priority 6 {qLANdef, qLANacks, qVOIPDown}
queue qLANdef bandwidth 15Kb priority 3 hfsc( default realtime(150Kb 1
150Kb) linkshare(0 b 1000 150Kb) upperlimit(1.50Mb 100 1.35Mb) )
queue qLANacks bandwidth 15Kb priority 6 hfsc( realtime(150Kb 1 150Kb)
linkshare(0 b 1000 150Kb) upperlimit(1.20Mb 1 1.20Mb) )
queue qVOIPDown bandwidth 15Kb priority 7 hfsc( red ecn realtime(256Kb 1
256Kb) linkshare(0 b 1000 150Kb) upperlimit(256Kb 1 256Kb) )
#
------------------------------
------------------------------
#
# pfctl -sr
scrub on ng0 all max-mss 1452 fragment reassemble
pass in on sis0 inet from 192.168.1.0/24 to any tos 0x10 keep state tag
qVOIPDown
pass out on ng0 all tos 0x10 keep state tag qVOIPUp
pass in on ng0 inet from any to 192.168.1.0/24 tos 0x10 keep state tag
qVOIPUp
pass out on sis0 inet from any to 192.168.1.0/24 tos 0x10 keep state tag
qVOIPDown
anchor "firewallrules" all
anchor "loopback" all
pass in quick on lo0 all label "pass loopback"
pass out quick on lo0 all label "pass loopback"
anchor "packageearly" all
anchor "carp" all
anchor "ftpproxy" all
anchor "pftpx/*" all
pass in quick on ng0 inet proto tcp from any port = ftp-data to (ng0) port >
49000 user = 62 flags S/SA keep state label "FTP PROXY: PASV mode data
connection"
anchor "dhcpserverlan" all
pass in quick on sis0 inet proto udp from any port = bootpc to
255.255.255.255 port = bootps label "allow access to DHCP server on LAN"
pass in quick on sis0 inet proto udp from any port = bootpc to 192.168.1.1
port = bootps label "allow access to DHCP server on LAN"
pass out quick on sis0 inet proto udp from 192.168.1.1 port = bootps to any
port = bootpc label "allow access to DHCP server on LAN"
anchor "wanspoof" all
block drop in log quick on ng0 inet from 192.168.1.0/24 to any label "WAN
spoof check"
anchor "wandhcp" all
pass out quick on ng0 proto udp from any port = bootpc to any port = bootps
label "allow dhcp client out wan"
block drop in log quick on ng0 inet proto udp from any port = bootps to
192.168.1.0/24 port = bootpc label "allow dhcp client out wan"
pass in quick on ng0 proto udp from any port = bootps to any port = bootpc
label "allow dhcp client out wan"
block drop in on ! sis0 inet from 192.168.1.0/24 to any
block drop in on sis0 inet6 from fe80::20d:b9ff:fe02:59d8 to any
block drop in inet from 192.168.1.1 to any
anchor "spoofing" all
block drop in log quick on ng0 inet from 10.0.0.0/8 to any label "block
private networks from wan block 10/8"
block drop in log quick on ng0 inet from 127.0.0.0/8 to any label "block
private networks from wan block 127/8"
block drop in log quick on ng0 inet from 172.16.0.0/12 to any label "block
private networks from wan block 172.16/12"
block drop in log quick on ng0 inet from 192.168.0.0/16 to any label "block
private networks from wan block 192.168/16"
anchor "limitingesr" all
anchor "wanbogons" all
block drop in log quick on ng0 from <bogons> to any label "block bogon
networks from wan"
anchor "firewallout" all
pass out quick on ng0 all keep state label "let out anything from firewall
host itself" queue qWANRoot tagged qWANRoot
pass out quick on ng0 all keep state label "let out anything from firewall
host itself" queue qWANdef tagged qWANdef
pass out quick on ng0 all keep state label "let out anything from firewall
host itself" queue qLANRoot tagged qLANRoot
pass out quick on ng0 all keep state label "let out anything from firewall
host itself" queue qLANdef tagged qLANdef
pass out quick on ng0 all keep state label "let out anything from firewall
host itself" queue qLANacks tagged qLANacks
pass out quick on ng0 all keep state label "let out anything from firewall
host itself" queue qWANacks tagged qWANacks
pass out quick on ng0 all keep state label "let out anything from firewall
host itself" queue qVOIPUp tagged qVOIPUp
pass out quick on ng0 all keep state label "let out anything from firewall
host itself" queue qVOIPDown tagged qVOIPDown
pass out quick on ng0 all keep state label "let out anything from firewall
host itself"
pass out quick on sis0 all keep state label "let out anything from firewall
host itself" queue qWANRoot tagged qWANRoot
pass out quick on sis0 all keep state label "let out anything from firewall
host itself" queue qWANdef tagged qWANdef
pass out quick on sis0 all keep state label "let out anything from firewall
host itself" queue qLANRoot tagged qLANRoot
pass out quick on sis0 all keep state label "let out anything from firewall
host itself" queue qLANdef tagged qLANdef
pass out quick on sis0 all keep state label "let out anything from firewall
host itself" queue qLANacks tagged qLANacks
pass out quick on sis0 all keep state label "let out anything from firewall
host itself" queue qWANacks tagged qWANacks
pass out quick on sis0 all keep state label "let out anything from firewall
host itself" queue qVOIPUp tagged qVOIPUp
pass out quick on sis0 all keep state label "let out anything from firewall
host itself" queue qVOIPDown tagged qVOIPDown
pass out quick on sis0 all keep state label "let out anything from firewall
host itself"
pass out quick on ng0 all keep state label "let out anything from firewall
host itself pptp"
pass out quick on ng0 all keep state label "let out anything from firewall
host itself pppoe"
anchor "anti-lockout" all
pass in quick inet from 192.168.1.0/24 to 192.168.1.1 keep state label
"anti-lockout web rule"
block drop in log proto tcp from <sshlockout> to any port = ssh label
"sshlockout"
anchor "qWANRoot" all tagged qWANRoot
anchor "qWANdef" all tagged qWANdef
anchor "qLANRoot" all tagged qLANRoot
anchor "qLANdef" all tagged qLANdef
anchor "qLANacks" all tagged qLANacks
anchor "qWANacks" all tagged qWANacks
anchor "qVOIPUp" all tagged qVOIPUp
anchor "qVOIPDown" all tagged qVOIPDown
pass in quick on sis0 inet from 192.168.1.0/24 to any keep state label
"USER_RULE: Default LAN -> any" queue(qLANdef, qLANacks)
block drop in log quick all label "Default block all just to be sure."
block drop out log quick all label "Default block all just to be sure."
#
---------------------------
----- Original Message -----
From: "Dan Swartzendruber" <[EMAIL PROTECTED]>
To: <support@pfsense.com>
Sent: Wednesday, October 26, 2005 3:10 PM
Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to
less than 100k
At 04:07 PM 10/26/2005, you wrote:
Looks like this now:
----------------------------
scrub on ng0 all max-mss 1452
#altq on sis1 hfsc bandwidth 10Mb queue { qWANRoot }
altq on ng0 hfsc bandwidth 10Mb queue { qWANRoot }
altq on sis0 hfsc bandwidth 100Mb queue { qLANRoot }
-----------------------
No joy.
what do 'pfctl -sq' and 'pfctl -sr' show?
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
