Ok, this is the situation.
I want to limit download speed at the port level
and limit DNS bandwidth.
Dunno what is wrong,
but NEWS/FTP is still running at full speed.
Does someone have an idea how I can fix this?
The pf tutorial isn't making sense.
Config added.
Code:
######## START CONFIG ##########
#
ext_if = "dc0"
int_if = "sk0"
#
set block-policy drop
set loginterface $ext_if
set limit { frags 5000, states 10000 }
set state-policy floating
set optimization normal
set ruleset-optimization basic
set timeout interval 10
set timeout frag 30
set skip on lo
#
# intern -> extern
altq on $ext_if cbq bandwidth 1024Kb queue { std_ext, FTP_ext, NEWS_ext, DNS_ext }
queue std_ext bandwidth 640Kb cbq(default borrow)
queue FTP_ext bandwidth 128Kb cbq
queue NEWS_ext bandwidth 128Kb cbq
queue DNS_ext bandwidth 128Kb cbq
#
# extern -> intern
altq on $int_if cbq bandwidth 20480Kb queue { std_int, FTP_int, NEWS_int, DNS_int }
queue std_int bandwidth 10240Kb cbq(default borrow)
queue FTP_int bandwidth 256Kb cbq
queue NEWS_int bandwidth 256Kb cbq
queue DNS_int bandwidth 128Kb cbq
#
#
match out on egress inet from !(egress) to any nat-to (egress:0)
block all
#
### Q DNS
pass out quick on $ext_if proto { tcp,udp } from any to any port domain queue DNS_ext
pass in quick on $int_if proto { tcp,udp } from any to any port domain queue DNS_int
#
### Q NEWS
pass out quick on $ext_if proto tcp from any to any port { 119 } queue NEWS_ext
pass in quick on $int_if proto tcp from any to any port { 119 } queue NEWS_int
#
### Q FTP
pass out quick on $ext_if proto tcp from any to any port { 20,21 } queue FTP_ext
pass in quick on $int_if proto tcp from any to any port { 20,21 } queue FTP_int
#
antispoof for $ext_if inet
pass out on $ext_if inet from any to any queue std_ext
pass in on $int_if from any to any queue std_int
#
########## END CONFIG ############