I have a pf question for anyone who is interested. I have this setup in my /etc/pf.conf, to prioritize my VoIP link. (This system also does NAT.)
extif="em0"
intif="nfe0"
ipphone = "192.168.0.101"

altq on $extif cbq bandwidth 768Kb queue { std, voip }
queue voip bandwidth 168Kb priority 7 cbq(borrow)
queue std bandwidth 600Kb priority 1 cbq(default)

nat on $extif from $intif:network to any -> ($extif)

pass in quick on $intif proto udp from $ipphone to any tag VOIP_OUT keep state
pass in on $intif from $intif:network to any keep state
pass out on $intif from any to $intif:network keep state
pass out on $extif tagged VOIP_OUT keep state queue(voip)
pass out on $extif inet proto tcp all modulate state flags S/SA queue(std)
pass out on $extif inet proto { udp, icmp, gre } all keep state
When I run this, ‘pfctl -s queue’ shows most of the data getting run through the ‘voip’ queue. I unplug the ATA, I still see the number of packets going up. It seems packets are getting tagged that shouldn’t be, but I’m not sure why. Anyone else have a similar – but working – setup?
Update: it was the underscore character in the tag. Everything matched it, it seems. Removing that made it work as expected.
Cool, how did you find out the underscore caused the problem? I remember I had similar problems when scripting with bash. Bash interprets the underscore in some cases.
It was a random guess where I took it out, just cause it wasn’t a ‘normal’ character. Several examples I had looked at used an underscore in a tag, so I don’t know if maybe I’m confusing something else or the examples were for different versions of pf, or what.
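
The check described in the post (watching the queue counters while the ATA is unplugged) can be scripted by diffing two counter snapshots. This is an added example, not part of the original post or its comments; the input layout is assumed to match `pfctl -v -s queue`, and the function names and counter values are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Input layout is assumed to
# match `pfctl -v -s queue`: a "queue <name> ..." line followed by a
# "[ pkts: N  bytes: N ... ]" counter line.

# queue_delta BEFORE AFTER: print "<queue> <packets added>" for each queue.
queue_delta() {
    awk '
        $1 == "queue" { name = $2; next }        # remember the current queue
        $2 == "pkts:" && name != "" {            # its first counter line
            if (FILENAME == ARGV[1]) before[name] = $3
            else printf "%s %d\n", name, $3 - before[name]
            name = ""
        }
    ' "$1" "$2"
}

# snapshot ROOT VOIP STD: constructed sample text with the given packet counts.
snapshot() {
    cat <<EOF
queue root_em0 on em0 bandwidth 768Kb priority 0 cbq( wrr root ) {std, voip}
  [ pkts: $1  bytes: $(($1 * 620))  dropped pkts: 0 bytes: 0 ]
  [ qlength:   0/ 50  borrows:      0  suspends:      0 ]
queue  voip on em0 bandwidth 168Kb priority 7 cbq( borrow )
  [ pkts: $2  bytes: $(($2 * 620))  dropped pkts: 0 bytes: 0 ]
  [ qlength:   0/ 50  borrows:      0  suspends:      0 ]
queue  std on em0 bandwidth 600Kb priority 1 cbq( default )
  [ pkts: $3  bytes: $(($3 * 620))  dropped pkts: 0 bytes: 0 ]
  [ qlength:   0/ 50  borrows:      0  suspends:      0 ]
EOF
}

# demo: two constructed snapshots standing in for "phone unplugged" samples.
demo() {
    dir=$(mktemp -d) || return 1
    snapshot 5000 4600 400 > "$dir/before"
    snapshot 5435 5020 415 > "$dir/after"   # voip still grows with no phone attached
    queue_delta "$dir/before" "$dir/after"
    rm -rf "$dir"
}

demo
```

On a live system the two files would come from running `pfctl -v -s queue` twice, a few seconds apart, with the phone disconnected; a non-zero delta on the voip queue reproduces the symptom described in the post.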