Comments on: Building a transparent traffic-shaping bridge

By: Sean

Sean — Fri, 21 Aug 2009 08:37:27 +0000

Good catch – I think I fixed this a long time ago in my live script, but forgot to update the post!…

Thanks,
Sean

By: Ryan Rittenhouse

Ryan Rittenhouse — Thu, 20 Aug 2009 17:00:43 +0000

Thanks for posting this, it’s helped me get a handle of pf packet shaping. One note, you a slight error in the rules you use to put leechers in the penalty queue. You have the following:

pass in quick on $int_if from { } to any queue penalty_out
pass in quick on $ext_if from { } to any queue penalty_in

It should (I think) look like this:

pass in quick on $int_if from { } to any queue penalty_out
pass in quick on $ext_if from any to { } queue penalty_in

At any rate, thanks again!

By: Robert Smith

Robert Smith — Sat, 18 Apr 2009 14:42:15 +0000

Flashdist is an excellent script by Chris Cappuccio. He keeps it pretty updated. He also has a Cisco-like shell for configuration which is quite nice. I can tell he's put a lot of time into it. The most recent version of nsh doesn't compile on OpenBSD 4.4 (yet). We use a modified version of flashdist, and nsh on our OpenSecure VPN / Firewall appliances.