forum.lissyara.su

Код: Выделить всё

 # Options: tune the behavior of pf
 set optimization         aggressive
 set block-policy         drop
 set limit                { frags 5000, states 5000 }
 set skip                 on lo0
#set loginterface         ng0

 # normalise packets
 scrub in  all fragment reassemble no-df
 scrub out all random-id fragment reassemble

 # Queueing: rule-based bandwidth control.
 altq on $ifppp cbq bandwidth 1960Kb queue { router, media, ack, ssh, std }
    queue router on $ifppp bandwidth 5%  qlimit 10 priority 7 cbq(borrow)
    queue media  on $ifppp bandwidth 85% qlimit 30 priority 5 cbq { voip, video }
        queue voip  on $ifppp bandwidth 90% qlimit 15 priority 7 cbq(red)
        queue video on $ifppp bandwidth 10% qlimit 15 priority 0 cbq(borrow red)
    queue ssh    on $ifppp bandwidth 5%  qlimit 30 priority 3 cbq(borrow) { ssh_login, ssh_bulk }
        queue ssh_login on $ifppp bandwidth 30% qlimit 15 priority 7 cbq(borrow red ecn)
        queue ssh_bulk  on $ifppp bandwidth 70% qlimit 15 priority 0 cbq(borrow red ecn)
    queue std    on $ifppp bandwidth 5%  qlimit 30 priority 1 cbq(borrow default) {std_pri, std_std }
        queue std_pri  on $ifppp bandwidth 50% qlimit 15 priority 7 cbq(borrow red ecn)
        queue std_std  on $ifppp bandwidth 50% qlimit 15 priority 0 cbq(borrow red ecn)

 # Begin ruleset
 # routers queue
 pass out quick on $ifppp proto ospf queue router
 pass out quick on $ifppp proto egp  queue router
 pass out quick on $ifppp proto igp  queue router

 # ssh queue
 pass out quick on $ifppp inet proto tcp from $me to any port $ssh_ports flags S/SA $ks queue(ssh_login, ssh_bulk)
 pass in  quick on $ifppp inet proto tcp from any to $me port $ssh_ports flags S/SA $ks queue(ssh_login, ssh_bulk)

# #setup media queue
# pass out on $ifppp inet from any to any tos 10 $ks queue media

 # default
 pass out on $ifppp queue(std_pri, std_std)