ALTQ on traffic originating from the firewall

[gamanakis]

Does anyone know if on pf/altq an alternative to the Linux ifb exists? I am trying to shape the incoming traffic originating from the host (i.e. downloads with wget) on which pf is running.

The traffic passes through my rules but there is no interface in order to be classified as outgoing so that shaping can occur.

I also tried with jails but to no avail. In this occasion the traffic does not at all passes through my rules.

 

[kpa]

You can only shape outgoing traffic on a given interface because it's the only direction where you can delay the transmit of a packet. On incoming direction the only option would be just dropping the packet and force the sending side to retransmit the packet(s).

 

[gamanakis]

Exactly that problem is dealt in Linux with the ifb driver, so that the incoming traffic to the host (e.g. from the WAN interface) is seen from the kernel as outgoing.

 

[J65nko]

I never tried it myself, but if I remember correctly, dummynet(4) which is integrated in ipfw(8) can shape incoming traffic.

 

[Orum]

In general for this sort of thing I prefer the application itself to impose an accept rate rather than do the shaping in the firewall. That said, it's not always supported. I think you can also do some hackery with netgraph(4), if you understand it :e.