pf altq on bge
husnu demir
hdemir at metu.edu.tr
Mon Jan 30 06:36:02 PST 2006
Also NOTES says that for altq;
options ALTQ_NOPCC # Required for SMP build
Just in case you want to use that.
Husnu Demir.
On Mon, Jan 30, 2006 at 04:32:36PM +0300, Roman Gorohov. wrote:
> Hello, Admin.
>
> You wrote on 30 January 2006, 16:02:30:
>
> > Hi I have some problems with FreeBSD 5.4 Stable using pf and altq
>
> > This my kernconf
> > ============
> > machine i386
> > cpu I686_CPU
> > ident JOSS
> > maxusers 512
>
> > # To statically compile in device wiring instead of /boot/device.hints
> > #hints "GENERIC.hints" # Default places to look for devices.
>
> > options SCHED_4BSD # 4BSD scheduler
> > options INET # InterNETworking
> > ##options INET6 # IPv6 communications protocols
> > options FFS # Berkeley Fast Filesystem
> > options SOFTUPDATES # Enable FFS soft updates support
> > options UFS_ACL # Support for access control lists
> > options UFS_DIRHASH # Improve performance on big directories
> > options MD_ROOT # MD is a potential root device
> > options CD9660 # ISO 9660 Filesystem
> > options PROCFS # Process filesystem (requires PSEUDOFS)
> > options PSEUDOFS # Pseudo-filesystem framework
> > options GEOM_GPT # GUID Partition Tables.
> > options COMPAT_43 # Compatible with BSD 4.3 [KEEP THIS!]
> > options COMPAT_FREEBSD4 # Compatible with FreeBSD4
> > options KTRACE # ktrace(1) support
> > options SYSVSHM # SYSV-style shared memory
> > options SYSVMSG # SYSV-style message queues
> > options SYSVSEM # SYSV-style semaphores
> > options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
> > options KBD_INSTALL_CDEV # install a CDEV entry in /dev
> > options AHC_REG_PRETTY_PRINT # Print register bitfields in debug
> > # output. Adds ~128k to driver.
> > options AHD_REG_PRETTY_PRINT # Print register bitfields in debug
> > # output. Adds ~215k to driver.
> > options ADAPTIVE_GIANT # Giant mutex is adaptive.
>
> > device apic # I/O APIC
>
> > # Bus support. Do not remove isa, even if you have no isa slots
> > device isa
> > device eisa
> > device pci
>
> > # ATA and ATAPI devices
> > device ata
> > device atadisk # ATA disk drives
> > device atapicd # ATAPI CDROM drives
> > options ATA_STATIC_ID # Static device numbering
>
> > # atkbdc0 controls both the keyboard and the PS/2 mouse
> > device atkbdc # AT keyboard controller
> > device atkbd # AT keyboard
>
> > device vga # VGA video card driver
>
> > device splash # Splash screen and screen saver support
>
> > # syscons is the default console driver, resembling an SCO console
> > device sc
>
> > device agp # support several AGP chipsets
>
> > # Floating point support - do not disable.
> > device npx
>
> > # Add suspend/resume support for the i8254.
> > device pmtimer
>
>
> > # Serial (COM) ports
> > device sio # 8250, 16[45]50 based serial ports
>
> > # PCI Ethernet NICs that use the common MII bus controller code.
> > # NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
> > device miibus # MII bus support
> > device bge # Broadcom BCM570xx Gigabit Ethernet
>
> > # Pseudo devices.
> > device loop # Network loopback
> > device mem # Memory and kernel memory devices
> > device io # I/O device
> > device random # Entropy device
> > device ether # Ethernet support
> > device tun # Packet tunnel.
> > device pty # Pseudo-ttys (telnet etc)
> > device md # Memory "disks"
> > ##device gif # IPv6 and IPv4 tunneling
> > ##device faith # IPv6-to-IPv4 relaying (translation)
>
> > # The `bpf' device enables the Berkeley Packet Filter.
> > # Be aware of the administrative consequences of enabling this!
> > # Note that 'bpf' is required for DHCP.
> > device bpf # Berkeley packet filter
>
> > # SMP
> > options SMP
>
> > # snoop
> > device snp
>
> > ## PF
> > device pf
> > device pflog
> > device pfsync
>
> > options ALTQ
> > options ALTQ_CBQ
> > options ALTQ_RED
> > options ALTQ_RIO
> > options ALTQ_HFSC
> > options ALTQ_PRIQ
>
> > options QUOTA
>
> > pf.conf + altq config
> > ==============
> > ## set macros
> > ext_if="bge0"
> > main_ip="xx.xx.xx" < i remove :)
> > http_ports="{ 43, 80 }"
> > sec_ports="{ 22 }"
> > tcp_serv="{ 20, 21, 25, 53 }"
> > dns_ports="{ 43, 53, 123 }"
> > irc_ports="{ 113, 2000 >< 8005, 8300 >< 9000, 30000 >< 40000 }"
> > icmp_t="echoreq"
> > tracert="33434 >< 33450"
>
> > ## main set options
> > set timeout { frag 30, interval 10 }
> > set limit { frags 5000, states 3000 }
> > set loginterface $ext_if
> > set block-policy drop
> > set optimization normal
> > scrub in all
>
> > ## QUEUES - ALTQ rules
> > altq on bge0 cbq bandwidth 100Mb queue { q_all }
> > queue q_all bandwidth 100% cbq { q_def, q_pri, q_misc, q_web, q_dns, q_irc }
> > queue q_def bandwidth 25% priority 1 cbq(borrow default red ecn)
> > queue q_misc bandwidth 10% priority 0 cbq(red)
> > queue q_web bandwidth 15% priority 4 cbq(borrow)
> > queue q_dns bandwidth 25% priority 5 cbq(borrow)
> > queue q_irc bandwidth 25% priority 6 cbq(borrow)
> > queue q_pri priority 7
>
> > ## Default Block
> > block in all
> > block out all
>
> > #=- Table
> > table <spoof> persist file "/etc/pftable/spoof.conf"
> > table <ddos> persist file "/etc/pftable/ddos.conf"
> > table <sindo> persist file "/etc/pftable/servindo.conf"
> > table <bfd> persist file "/etc/pftable/bfd.conf"
> > table <int> persist file "/etc/pftable/int.conf"
> > table <igh> persist file "/etc/pftable/joss.conf"
>
>
> > block in quick on $ext_if from { <spoof>, <ddos>, <sindo>, <bfd>, <int> } to any
>
> > pass quick on lo0 all
> > pass inet proto icmp from <joss> to any icmp-type $icmp_t keep state queue q_misc
> > pass out quick proto udp from any to any port $tracert keep state queue q_def
> > pass quick proto tcp from any to any port $tcp_serv keep state queue q_def
>
> > pass in quick proto tcp from <igh> to any port 22 keep state
> > pass quick proto tcp from any to any port $sec_ports keep state queue q_pri
>
> > pass quick proto udp from any to any port $dns_ports keep state queue q_dns
> > pass out quick proto { tcp, udp } from <igh> to any port { 161, 162 } keep state queue q_dns
>
> > pass in quick proto tcp from any to $main_ip port $http_ports flags S/SA synproxy state queue q_web
> > pass out quick proto tcp from $main_ip to any port $http_ports keep state queue q_web
>
> > pass quick proto tcp from any to any port $irc_ports keep state queue q_irc
>
> > ============================
>
> > I try to load the configuration conf,
>
> > # pfctl -f /etc/pf.conf.altq
> > pfctl: bge0: driver does not support altq
>
> > Can anyone help me to resolve this problem?
>
> > NB: no error message if altq is disabled.
>
> > Thanks
> > _______________________________________________
> > freebsd-pf at freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> > To unsubscribe, send any mail to "freebsd-pf-unsubscribe at freebsd.org"
>
> ALTQ does not support device bge on 5.4. It does on 6.0.
>
> --
> Roman Gorohov.
>
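The NOTES line quoted at the top of this message can be checked against a kernel config file before building. The script below is an added example, not part of the original thread; the function names `has_option` and `check_altq_smp` are hypothetical, and the sample file is a constructed excerpt of the options in the posted config.

```shell
#!/bin/sh
# Added example: flag a kernel config that enables SMP and ALTQ
# but lacks "options ALTQ_NOPCC" (NOTES: "Required for SMP build").

# has_option FILE NAME
# Succeeds if FILE contains an uncommented "options NAME" line.
has_option() {
    awk -v want="$2" '
        { sub(/#.*/, "") }      # strip comments, including "##options ..."
        $1 == "options" && $2 == want { found = 1 }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# check_altq_smp FILE
# Prints a one-line verdict. Returns 1 only when SMP and ALTQ are both
# enabled and ALTQ_NOPCC is absent; returns 0 otherwise.
check_altq_smp() {
    conf=$1
    if ! has_option "$conf" ALTQ; then
        echo "ALTQ not enabled"
        return 0
    fi
    if has_option "$conf" SMP && ! has_option "$conf" ALTQ_NOPCC; then
        echo "SMP and ALTQ set, ALTQ_NOPCC missing"
        return 1
    fi
    echo "ok"
    return 0
}

# Constructed sample: the SMP and ALTQ options from the posted config.
sample=$(mktemp)
cat > "$sample" <<'EOF'
##options INET6 # IPv6 communications protocols
options SMP
options ALTQ
options ALTQ_CBQ
options ALTQ_RED
EOF

check_altq_smp "$sample" || true
rm -f "$sample"
```

This only inspects the kernel config; it says nothing about whether a given NIC driver supports ALTQ on the running release.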