Queue question

[sniper007]

Hi guys!

I need some help with queuing. Here is my problem:

I have ssh server. Other client connect to my ssh server.

I want to queue this packets which goes from my external interface to client. Is it possible, because this rule doesn't works ?



pass out quick  on $ext_if inet proto tcp  from $ext_if port 22 to any queue ssh

 

[graudeejs]

you need to pass connection [red]in[/red], not out,
If this rule is on server

 

[sniper007]

Same server is ssh and pf firewall.

you need to pass connection in, not out,

hm, but i want queuing packets which travel from my server to client, i don't care for packets from client to my server, because i have enough download bandwidth...

 

[graudeejs]

If client want to make connection to server, you need to pass in.
If you change out to in in you rule, outgoing packets will be queued
incoming packets can't be queued, because once they are arrived and pf works with them, it's already to late to queue them (simply speaking you can't queue incoming packets)

 

[sniper007]

cool, i don't know that i can queue outgoing packet with pass in rule..
thanks!

 

[graudeejs]

pass in only tells firewall to accept connections from client to server,
you use pass out only to tell firewall that some app on server needs to connect to internet (for example ntp)

 

[DutchDaemon]

And yes, queue statements handle stateful connections. In other words: outbound traffic caused by an incoming request (e.g. a website served as a result of an incoming http request) gets passed to the outbound traffic queue defined on the pass in rule for that request.