Код: Выделить всё
pass in route-to ($pppoe $gw_pppoe) from <stream_B> to !$me keep state
Код: Выделить всё
pass in route-to ($pppoe $gw_pppoe) from <stream_B> to !$me keep state
Код: Выделить всё
pass in on $lan from {$lan_ip !<stream_A> !<stream_B> !<stream_C>} to any flags S/SA probability $PA keep state (max-src-conn-rate 1/60, overload <stream_A> flush global)
pass in on $lan from {$lan_ip !<stream_A> !<stream_B> !<stream_C>} to any flags S/SA probability $PB keep state (max-src-conn-rate 1/60, overload <stream_B> flush global)
pass in on $lan from {$lan_ip !<stream_A> !<stream_B> !<stream_C>} to any flags S/SA probability $PC keep state (max-src-conn-rate 1/60, overload <stream_C> flush global)
и соответственно PC="20%". Так вот почему он так работает?probability $PC
Код: Выделить всё
pass in on em2 inet from 192.168.8.0/24 to any flags S/SA keep state probability 10% (source-track rule, max-src-conn-rate 1/60, overload <stream_A> flush global, src.track 60)
pass in on em2 from ! <stream_A> to any flags S/SA keep state probability 10% (source-track rule, max-src-conn-rate 1/60, overload <stream_A> flush global, src.track 60)
pass in on em2 from ! <stream_B> to any flags S/SA keep state probability 10% (source-track rule, max-src-conn-rate 1/60, overload <stream_A> flush global, src.track 60)
pass in on em2 from ! <stream_C> to any flags S/SA keep state probability 10% (source-track rule, max-src-conn-rate 1/60, overload <stream_A> flush global, src.track 60)
pass in on em2 inet from 192.168.8.0/24 to any flags S/SA keep state probability 50% (source-track rule, max-src-conn-rate 1/60, overload <stream_B> flush global, src.track 60)
pass in on em2 from ! <stream_A> to any flags S/SA keep state probability 50% (source-track rule, max-src-conn-rate 1/60, overload <stream_B> flush global, src.track 60)
pass in on em2 from ! <stream_B> to any flags S/SA keep state probability 50% (source-track rule, max-src-conn-rate 1/60, overload <stream_B> flush global, src.track 60)
pass in on em2 from ! <stream_C> to any flags S/SA keep state probability 50% (source-track rule, max-src-conn-rate 1/60, overload <stream_B> flush global, src.track 60)
pass in on em2 inet from 192.168.8.0/24 to any flags S/SA keep state probability 40% (source-track rule, max-src-conn-rate 1/60, overload <stream_C> flush global, src.track 60)
pass in on em2 from ! <stream_A> to any flags S/SA keep state probability 40% (source-track rule, max-src-conn-rate 1/60, overload <stream_C> flush global, src.track 60)
pass in on em2 from ! <stream_B> to any flags S/SA keep state probability 40% (source-track rule, max-src-conn-rate 1/60, overload <stream_C> flush global, src.track 60)
pass in on em2 from ! <stream_C> to any flags S/SA keep state probability 40% (source-track rule, max-src-conn-rate 1/60, overload <stream_C> flush global, src.track 60)
Нет такой тип правил не работает для 2, его необходимо модернизировать.skeletor писал(а):Для 2-х работает потому что, каждая probability одного правила дополняет probability в другом. А для 3-ох поэтому и не работает.