OpenForum RSS: pf+vlan+ALTQ

pf+vlan+ALTQ (weldpua2008)

Thu, 24 Apr 2008 15:16:02 GMT

>[�� ]
>>
>> block quick log all
>>
>>�� vlan1?
>>� �� Vlan1 ��
>>Vlan2+Vlan3+vr0, � �� , ��....��, ��
>>�� ....
>
>�� ALTQ �� keep state � ��
>�� .

��.
�� ?

pf+vlan+ALTQ (zedis)

Thu, 24 Apr 2008 12:56:14 GMT

>[�� ]
> pass in quick on $vlan1 from <local> to <vlan1> keep state \
> queue local_vlan1
>##
>
> block quick log all
>
>�� vlan1?
>� �� Vlan1 ��
>Vlan2+Vlan3+vr0, � �� , ��....��, ��
>�� ....

�� ALTQ �� keep state � �� .

pf+vlan+ALTQ (weldpua2008)

Thu, 24 Apr 2008 12:18:16 GMT

�� ...

pf+vlan+ALTQ (weldpua2008)

Fri, 18 Apr 2008 22:25:18 GMT

�� :

# cat /etc/pf.conf
vlan1="vlan1"
table <me> {10.1.1.2}
table <vlan1> {10.12.1.0/24}
table <server> {10.1.1.1}
table <local> {10.13.1.0/24,10.14.1.0/24,10.15.1.0/24,10.16.1.0/24,10.17.1.0/24}

scrub in all

##Vlan1
altq on $vlan1 bandwidth 20Mb cbq queue \
{ gre_vlan1, server_vlan1, local_vlan1, other_vlan1 }
queue gre_vlan1 bandwidth 60% cbq(borrow red) { gre_vlan1_hi,gre_vlan1_lo }
queue gre_vlan1_hi bandwidth 25% priority 7 cbq(borrow red)
queue gre_vlan1_lo bandwidth 75% priority 7 cbq(borrow red)

queue server_vlan1 bandwidth 30% cbq(borrow red)
queue local_vlan1 bandwidth 8% cbq(borrow red)
queue other_vlan1 bandwidth 2% cbq(default borrow red)

##

pass quick proto icmp all
pass in quick on lo0 all
pass quick proto tcp from any to any port = 22 keep state

##VLAN1

pass in quick proto tcp from <vlan1> to <server> port = 1723 keep state \
queue gre_vlan1_hi
pass in quick on $vlan1 proto tcp from <vlan1> to any flags S/SA