head	1.3;
access;
symbols
	RELENG_8_4:1.3.0.2
	RELENG_9_1_0_RELEASE:1.2.4.1.4.2
	RELENG_9_1:1.2.4.1.0.4
	RELENG_9_1_BP:1.2.4.1
	RELENG_8_3_0_RELEASE:1.2.2.1.8.1
	RELENG_8_3:1.2.2.1.0.8
	RELENG_8_3_BP:1.2.2.1
	RELENG_9_0_0_RELEASE:1.2.4.1.2.1
	RELENG_9_0:1.2.4.1.0.2
	RELENG_9_0_BP:1.2.4.1
	RELENG_9:1.2.0.4
	RELENG_9_BP:1.2
	RELENG_7_4_0_RELEASE:1.1.12.1.10.1
	RELENG_8_2_0_RELEASE:1.2.2.1.6.1
	RELENG_7_4:1.1.12.1.0.10
	RELENG_7_4_BP:1.1.12.1
	RELENG_8_2:1.2.2.1.0.6
	RELENG_8_2_BP:1.2.2.1
	RELENG_8_1_0_RELEASE:1.2.2.1.4.1
	RELENG_8_1:1.2.2.1.0.4
	RELENG_8_1_BP:1.2.2.1
	RELENG_7_3_0_RELEASE:1.1.12.1.8.1
	RELENG_7_3:1.1.12.1.0.8
	RELENG_7_3_BP:1.1.12.1
	RELENG_8_0_0_RELEASE:1.2.2.1.2.1
	RELENG_8_0:1.2.2.1.0.2
	RELENG_8_0_BP:1.2.2.1
	RELENG_8:1.2.0.2
	RELENG_8_BP:1.2
	RELENG_7_2_0_RELEASE:1.1.12.1.6.1
	RELENG_7_2:1.1.12.1.0.6
	RELENG_7_2_BP:1.1.12.1
	RELENG_7_1_0_RELEASE:1.1.12.1.4.1
	RELENG_6_4_0_RELEASE:1.1.16.1
	RELENG_7_1:1.1.12.1.0.4
	RELENG_7_1_BP:1.1.12.1
	RELENG_6_4:1.1.0.16
	RELENG_6_4_BP:1.1
	RELENG_7_0_0_RELEASE:1.1.12.1
	RELENG_6_3_0_RELEASE:1.1
	RELENG_7_0:1.1.12.1.0.2
	RELENG_7_0_BP:1.1.12.1
	RELENG_6_3:1.1.0.14
	RELENG_6_3_BP:1.1
	RELENG_7:1.1.0.12
	RELENG_7_BP:1.1
	RELENG_6_2_0_RELEASE:1.1
	RELENG_6_2:1.1.0.10
	RELENG_6_2_BP:1.1
	RELENG_5_5_0_RELEASE:1.1.2.1
	RELENG_5_5:1.1.2.1.0.6
	RELENG_5_5_BP:1.1.2.1
	RELENG_6_1_0_RELEASE:1.1
	RELENG_6_1:1.1.0.8
	RELENG_6_1_BP:1.1
	RELENG_6_0_0_RELEASE:1.1
	RELENG_6_0:1.1.0.6
	RELENG_6_0_BP:1.1
	RELENG_6:1.1.0.4
	RELENG_6_BP:1.1
	RELENG_5_4_0_RELEASE:1.1.2.1
	RELENG_5_4:1.1.2.1.0.4
	RELENG_5_4_BP:1.1.2.1
	RELENG_5_3_0_RELEASE:1.1.2.1
	RELENG_5_3:1.1.2.1.0.2
	RELENG_5_3_BP:1.1.2.1
	RELENG_5:1.1.0.2;
locks; strict;
comment	@# @;


1.3
date	2012.11.17.01.50.32;	author svnexp;	state Exp;
branches
	1.3.2.1;
next	1.2;

1.2
date	2007.11.11.01.16.51;	author mlaier;	state Exp;
branches
	1.2.2.1
	1.2.4.1;
next	1.1;

1.1
date	2004.09.14.01.07.18;	author mlaier;	state Exp;
branches
	1.1.2.1
	1.1.4.1
	1.1.12.1
	1.1.16.1;
next	;

1.3.2.1
date	2012.11.17.01.50.32;	author svnexp;	state dead;
branches;
next	1.3.2.2;

1.3.2.2
date	2013.03.28.13.03.42;	author svnexp;	state Exp;
branches;
next	;

1.2.2.1
date	2009.08.03.08.13.06;	author kensmith;	state Exp;
branches
	1.2.2.1.2.1
	1.2.2.1.4.1
	1.2.2.1.6.1
	1.2.2.1.8.1;
next	1.2.2.2;

1.2.2.2
date	2012.11.17.10.36.19;	author svnexp;	state Exp;
branches;
next	;

1.2.2.1.2.1
date	2009.10.25.01.10.29;	author kensmith;	state Exp;
branches;
next	;

1.2.2.1.4.1
date	2010.06.14.02.09.06;	author kensmith;	state Exp;
branches;
next	;

1.2.2.1.6.1
date	2010.12.21.17.09.25;	author kensmith;	state Exp;
branches;
next	;

1.2.2.1.8.1
date	2012.03.03.06.15.13;	author kensmith;	state Exp;
branches;
next	1.2.2.1.8.2;

1.2.2.1.8.2
date	2012.11.17.08.24.59;	author svnexp;	state Exp;
branches;
next	;

1.2.4.1
date	2011.09.23.00.51.37;	author kensmith;	state Exp;
branches
	1.2.4.1.2.1
	1.2.4.1.4.1;
next	1.2.4.2;

1.2.4.2
date	2012.11.17.11.36.35;	author svnexp;	state Exp;
branches;
next	;

1.2.4.1.2.1
date	2011.11.11.04.20.22;	author kensmith;	state Exp;
branches;
next	1.2.4.1.2.2;

1.2.4.1.2.2
date	2012.11.17.08.36.34;	author svnexp;	state Exp;
branches;
next	;

1.2.4.1.4.1
date	2012.08.05.23.54.33;	author kensmith;	state Exp;
branches;
next	1.2.4.1.4.2;

1.2.4.1.4.2
date	2012.11.17.08.47.24;	author svnexp;	state Exp;
branches;
next	;

1.1.2.1
date	2004.09.17.18.27.15;	author mlaier;	state Exp;
branches;
next	;

1.1.4.1
date	2012.11.17.07.41.34;	author svnexp;	state Exp;
branches;
next	;

1.1.12.1
date	2007.11.11.02.16.00;	author mlaier;	state Exp;
branches
	1.1.12.1.4.1
	1.1.12.1.6.1
	1.1.12.1.8.1
	1.1.12.1.10.1;
next	1.1.12.2;

1.1.12.2
date	2012.11.17.08.03.54;	author svnexp;	state Exp;
branches;
next	;

1.1.12.1.4.1
date	2008.11.25.02.59.29;	author kensmith;	state Exp;
branches;
next	;

1.1.12.1.6.1
date	2009.04.15.03.14.26;	author kensmith;	state Exp;
branches;
next	;

1.1.12.1.8.1
date	2010.02.10.00.26.20;	author kensmith;	state Exp;
branches;
next	;

1.1.12.1.10.1
date	2010.12.21.17.10.29;	author kensmith;	state Exp;
branches;
next	1.1.12.1.10.2;

1.1.12.1.10.2
date	2012.11.17.08.16.57;	author svnexp;	state Exp;
branches;
next	;

1.1.16.1
date	2008.10.02.02.57.24;	author kensmith;	state Exp;
branches;
next	;


desc
@@


1.3
log
@Switching exporter and resync
@
text
@# $FreeBSD: head/share/examples/pf/faq-example3 173536 2007-11-11 01:16:51Z mlaier $
# $OpenBSD: faq-example3,v 1.4 2006/10/07 04:48:01 mcbride Exp $

#
# Company Network
# http://www.openbsd.org/faq/pf/queueing.html#example2
#


# enable queueing on the external interface to queue packets going out
# to the Internet. use the cbq scheduler so that the bandwidth use of
# each queue can be controlled. the max outgoing bandwidth is 1.5Mbps.

altq on fxp0 cbq bandwidth 1.5Mb queue { std_ext, www_ext, boss_ext }

# define the parameters for the child queues (3 x 500Kb = the 1.5Mb parent).
# std_ext        - the standard queue. also the default queue for
#                  outgoing traffic on fxp0.
# www_ext        - container queue for WWW server queues. limit to
#                  500Kbps.
#   www_ext_http - http traffic from the WWW server; higher priority.
#   www_ext_misc - all non-http traffic from the WWW server.
# boss_ext       - traffic coming from the boss's computer.

queue std_ext        bandwidth 500Kb cbq(default borrow)  # borrow: may exceed its share while the parent has spare bandwidth
queue www_ext        bandwidth 500Kb { www_ext_http, www_ext_misc }  # no borrow: the WWW queues together stay within 500Kb
  queue www_ext_http bandwidth 50% priority 3 cbq(red borrow)  # 50% of www_ext; red = random early detection
  queue www_ext_misc bandwidth 50% priority 1 cbq(borrow)
queue boss_ext       bandwidth 500Kb priority 3 cbq(borrow)

# enable queueing on the internal interface to control traffic coming
# from the Internet or the DMZ. use the cbq scheduler to control the
# bandwidth of each queue. bandwidth on this interface is set to the
# maximum. traffic coming from the DMZ will be able to use all of this
# bandwidth while traffic coming from the Internet will be limited to
# 1.0Mbps (because 0.5Mbps (500Kbps) is being allocated to fxp1).

altq on dc0 cbq bandwidth 100% queue { net_int, www_int }

# define the parameters for the child queues (1.0Mb + 99Mb presumes a 100Mb link on dc0 - adjust to the real speed).
# net_int    - container queue for traffic from the Internet. bandwidth
#              is 1.0Mbps.
#   std_int  - the standard queue. also the default queue for outgoing
#              traffic on dc0.
#   it_int   - traffic to the IT Dept network; reserve them 500Kbps.
#   boss_int - traffic to the boss's PC; assign a higher priority.
# www_int    - traffic from the WWW server in the DMZ; full speed.

queue net_int    bandwidth 1.0Mb { std_int, it_int, boss_int }  # no borrow: Internet traffic is held to 1.0Mb
  queue std_int  bandwidth 250Kb cbq(default borrow)
  queue it_int   bandwidth 500Kb cbq(borrow)
  queue boss_int bandwidth 250Kb priority 3 cbq(borrow)
queue www_int    bandwidth 99Mb cbq(red borrow)

# enable queueing on the DMZ interface to control traffic destined for
# the WWW server. cbq will be used on this interface since detailed
# control of bandwidth is necessary. bandwidth on this interface is set
# to the maximum. traffic from the internal network will be able to use
# all of this bandwidth while traffic from the Internet will be limited
# to 500Kbps.

altq on fxp1 cbq bandwidth 100% queue { internal_dmz, net_dmz }

# define the parameters for the child queues (99Mb + 500Kb presumes a 100Mb link on fxp1 - adjust to the real speed).
# internal_dmz   - traffic from the internal network.
# net_dmz        - container queue for traffic from the Internet.
#   net_dmz_http - http traffic; higher priority.
#   net_dmz_misc - all non-http traffic. this is also the default queue.

queue internal_dmz   bandwidth 99Mb cbq(borrow)
queue net_dmz        bandwidth 500Kb { net_dmz_http, net_dmz_misc }  # no borrow: Internet traffic to the DMZ is held to 500Kb
  queue net_dmz_http bandwidth 50% priority 3 cbq(red borrow)
  queue net_dmz_misc bandwidth 50% priority 1 cbq(default borrow)


# ... in the filtering section of pf.conf ... (no explicit "keep state": the pass rules rely on pf's stateful defaults)

main_net  = "192.168.0.0/24"    # not referenced by the rules shown here
it_net    = "192.168.1.0/24"
int_nets  = "{ 192.168.0.0/24, 192.168.1.0/24 }"
dmz_net   = "10.0.0.0/24"       # not referenced by the rules shown here

boss      = "192.168.0.200"
wwwserv   = "10.0.0.100"

# default deny on all three interfaces. no rule uses "quick", so the last matching rule below decides.
block on { fxp0, fxp1, dc0 } all

# filter rules for fxp0 inbound: the Internet may reach only the WWW server, on tcp 21, 80 and every port above 49151.
pass in on fxp0 proto tcp from any to $wwwserv port { 21, \
        > 49151 } queue www_ext_misc  # NOTE(review): presumably FTP plus its passive range - confirm nothing else listens above 49151
pass in on fxp0 proto tcp from any to $wwwserv port 80 \
        queue www_ext_http

# filter rules for fxp0 outbound: the boss's PC matches both rules; the second is the last match and assigns its queue.
pass out on fxp0 from $int_nets to any  # no proto or port limit: egress from the internal nets is unrestricted
pass out on fxp0 from $boss to any queue boss_ext

# filter rules for dc0 inbound. NOTE(review): no antispoof rule appears in this excerpt - confirm source checks exist elsewhere.
pass in on dc0 from $int_nets to any  # any destination, no proto or port limit
pass in on dc0 from $it_net to any queue it_int
pass in on dc0 from $boss to any queue boss_int
pass in on dc0 proto tcp from $int_nets to $wwwserv port { 21, 80, \
        > 49151 } queue www_int

# filter rules for dc0 outbound: only the firewall's own dc0 address may open connections towards the internal nets.
pass out on dc0 from dc0 to $int_nets

# filter rules for fxp1 inbound: the only traffic the WWW server may originate is to port 53 (tcp or udp).
pass in on fxp1 proto { tcp, udp } from $wwwserv to any port 53  # NOTE(review): no pass-out rule for this traffic is shown on fxp0/dc0 - confirm

# filter rules for fxp1 outbound: these mirror the fxp0 and dc0 inbound rules that admit traffic for the WWW server.
pass out on fxp1 proto tcp from any to $wwwserv port { 21, \
        > 49151 } queue net_dmz_misc
pass out on fxp1 proto tcp from any to $wwwserv port 80 queue net_dmz_http
pass out on fxp1 proto tcp from $int_nets to $wwwserv port { 80, \
        21, > 49151 } queue internal_dmz
@


1.3.2.1
log
@file faq-example3 was added on branch RELENG_8_4 on 2013-03-28 13:03:42 +0000
@
text
@d1 117
@


1.3.2.2
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/248810
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@a0 117
# $FreeBSD: releng/8.4/share/examples/pf/faq-example3 173536 2007-11-11 01:16:51Z mlaier $
# $OpenBSD: faq-example3,v 1.4 2006/10/07 04:48:01 mcbride Exp $

#
# Company Network
# http://www.openbsd.org/faq/pf/queueing.html#example2
#


# enable queueing on the external interface to queue packets going out
# to the Internet. use the cbq scheduler so that the bandwidth use of
# each queue can be controlled. the max outgoing bandwidth is 1.5Mbps.

altq on fxp0 cbq bandwidth 1.5Mb queue { std_ext, www_ext, boss_ext }

# define the parameters for the child queues.
# std_ext        - the standard queue. also the default queue for
#                  outgoing traffic on fxp0.
# www_ext        - container queue for WWW server queues. limit to
#                  500Kbps.
#   www_ext_http - http traffic from the WWW server; higher priority.
#   www_ext_misc - all non-http traffic from the WWW server.
# boss_ext       - traffic coming from the boss's computer.

queue std_ext        bandwidth 500Kb cbq(default borrow)
queue www_ext        bandwidth 500Kb { www_ext_http, www_ext_misc }
  queue www_ext_http bandwidth 50% priority 3 cbq(red borrow)
  queue www_ext_misc bandwidth 50% priority 1 cbq(borrow)
queue boss_ext       bandwidth 500Kb priority 3 cbq(borrow)

# enable queueing on the internal interface to control traffic coming
# from the Internet or the DMZ. use the cbq scheduler to control the
# bandwidth of each queue. bandwidth on this interface is set to the
# maximum. traffic coming from the DMZ will be able to use all of this
# bandwidth while traffic coming from the Internet will be limited to
# 1.0Mbps (because 0.5Mbps (500Kbps) is being allocated to fxp1).

altq on dc0 cbq bandwidth 100% queue { net_int, www_int }

# define the parameters for the child queues.
# net_int    - container queue for traffic from the Internet. bandwidth
#              is 1.0Mbps.
#   std_int  - the standard queue. also the default queue for outgoing
#              traffic on dc0.
#   it_int   - traffic to the IT Dept network; reserve them 500Kbps.
#   boss_int - traffic to the boss's PC; assign a higher priority.
# www_int    - traffic from the WWW server in the DMZ; full speed.

queue net_int    bandwidth 1.0Mb { std_int, it_int, boss_int }
  queue std_int  bandwidth 250Kb cbq(default borrow)
  queue it_int   bandwidth 500Kb cbq(borrow)
  queue boss_int bandwidth 250Kb priority 3 cbq(borrow)
queue www_int    bandwidth 99Mb cbq(red borrow)

# enable queueing on the DMZ interface to control traffic destined for
# the WWW server. cbq will be used on this interface since detailed
# control of bandwidth is necessary. bandwidth on this interface is set
# to the maximum. traffic from the internal network will be able to use
# all of this bandwidth while traffic from the Internet will be limited
# to 500Kbps.

altq on fxp1 cbq bandwidth 100% queue { internal_dmz, net_dmz }

# define the parameters for the child queues.
# internal_dmz   - traffic from the internal network.
# net_dmz        - container queue for traffic from the Internet.
#   net_dmz_http - http traffic; higher priority.
#   net_dmz_misc - all non-http traffic. this is also the default queue.

queue internal_dmz   bandwidth 99Mb cbq(borrow)
queue net_dmz        bandwidth 500Kb { net_dmz_http, net_dmz_misc }
  queue net_dmz_http bandwidth 50% priority 3 cbq(red borrow)
  queue net_dmz_misc bandwidth 50% priority 1 cbq(default borrow)


# ... in the filtering section of pf.conf ...

main_net  = "192.168.0.0/24"
it_net    = "192.168.1.0/24"
int_nets  = "{ 192.168.0.0/24, 192.168.1.0/24 }"
dmz_net   = "10.0.0.0/24"

boss      = "192.168.0.200"
wwwserv   = "10.0.0.100"

# default deny
block on { fxp0, fxp1, dc0 } all

# filter rules for fxp0 inbound
pass in on fxp0 proto tcp from any to $wwwserv port { 21, \
        > 49151 } queue www_ext_misc
pass in on fxp0 proto tcp from any to $wwwserv port 80 \
        queue www_ext_http

# filter rules for fxp0 outbound
pass out on fxp0 from $int_nets to any
pass out on fxp0 from $boss to any queue boss_ext

# filter rules for dc0 inbound
pass in on dc0 from $int_nets to any
pass in on dc0 from $it_net to any queue it_int
pass in on dc0 from $boss to any queue boss_int
pass in on dc0 proto tcp from $int_nets to $wwwserv port { 21, 80, \
        > 49151 } queue www_int

# filter rules for dc0 outbound
pass out on dc0 from dc0 to $int_nets

# filter rules for fxp1 inbound
pass in on fxp1 proto { tcp, udp } from $wwwserv to any port 53

# filter rules for fxp1 outbound
pass out on fxp1 proto tcp from any to $wwwserv port { 21, \
        > 49151 } queue net_dmz_misc
pass out on fxp1 proto tcp from any to $wwwserv port 80 queue net_dmz_http
pass out on fxp1 proto tcp from $int_nets to $wwwserv port { 80, \
        21, > 49151 } queue internal_dmz
@


1.2
log
@Update pf examples from OpenBSD to catch up with new stateful defaults and
other syntax changes.  Move pf.conf from /etc to examples, too.
@
text
@d1 1
a1 1
# $FreeBSD$
@


1.2.4.1
log
@SVN rev 225736 on 2011-09-23 00:51:37Z by kensmith

Copy head to stable/9 as part of 9.0-RELEASE release cycle.

Approved by:	re (implicit)
@
text
@@


1.2.4.2
log
@## SVN ##
## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/ 242902
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ## r242902 | dteske | 2012-11-11 23:29:45 +0000 (Sun, 11 Nov 2012) | 10 lines
## SVN ##
## SVN ## Fix a regression introduced by SVN r211417 that saw the breakage of a feature
## SVN ## documented in usr.sbin/sysinstall/help/shortcuts.hlp (reproduced below):
## SVN ##
## SVN ## If /usr/sbin/sysinstall is linked to another filename, say
## SVN ## `/usr/local/bin/configPackages', then the basename will be used
## SVN ## as an implicit command name.
## SVN ##
## SVN ## Reviewed by:	adrian (co-mentor)
## SVN ## Approved by:	adrian (co-mentor)
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ##
@
text
@d1 1
a1 1
# $FreeBSD: stable/9/share/examples/pf/faq-example3 173536 2007-11-11 01:16:51Z mlaier $
@


1.2.4.1.4.1
log
@SVN rev 239080 on 2012-08-05 23:54:33Z by kensmith

Copy stable/9 to releng/9.1 as part of the 9.1-RELEASE release process.

Approved by:	re (implicit)
@
text
@@


1.2.4.1.4.2
log
@Switch importer
@
text
@d1 1
a1 1
# $FreeBSD: releng/9.1/share/examples/pf/faq-example3 173536 2007-11-11 01:16:51Z mlaier $
@


1.2.4.1.2.1
log
@SVN rev 227445 on 2011-11-11 04:20:22Z by kensmith

Copy stable/9 to releng/9.0 as part of the FreeBSD 9.0-RELEASE release
cycle.

Approved by:	re (implicit)
@
text
@@


1.2.4.1.2.2
log
@Switch importer
@
text
@d1 1
a1 1
# $FreeBSD: releng/9.0/share/examples/pf/faq-example3 173536 2007-11-11 01:16:51Z mlaier $
@


1.2.2.1
log
@SVN rev 196045 on 2009-08-03 08:13:06Z by kensmith

Copy head to stable/8 as part of 8.0 Release cycle.

Approved by:	re (Implicit)
@
text
@@


1.2.2.2
log
@## SVN ##
## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/ 242909
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ## r242909 | dim | 2012-11-12 07:47:19 +0000 (Mon, 12 Nov 2012) | 20 lines
## SVN ##
## SVN ## MFC r242625:
## SVN ##
## SVN ## Remove duplicate const specifiers in many drivers (I hope I got all of
## SVN ## them, please let me know if not).  Most of these are of the form:
## SVN ##
## SVN ## static const struct bzzt_type {
## SVN ##       [...list of members...]
## SVN ## } const bzzt_devs[] = {
## SVN ##       [...list of initializers...]
## SVN ## };
## SVN ##
## SVN ## The second const is unnecessary, as arrays cannot be modified anyway,
## SVN ## and if the elements are const, the whole thing is const automatically
## SVN ## (e.g. it is placed in .rodata).
## SVN ##
## SVN ## I have verified this does not change the binary output of a full kernel
## SVN ## build (except for build timestamps embedded in the object files).
## SVN ##
## SVN ## Reviewed by:	yongari, marius
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ##
@
text
@d1 1
a1 1
# $FreeBSD: stable/8/share/examples/pf/faq-example3 173536 2007-11-11 01:16:51Z mlaier $
@


1.2.2.1.8.1
log
@SVN rev 232438 on 2012-03-03 06:15:13Z by kensmith

Copy stable/8 to releng/8.3 as part of 8.3-RELEASE release cycle.

Approved by:	re (implicit)
@
text
@@


1.2.2.1.8.2
log
@Switch importer
@
text
@d1 1
a1 1
# $FreeBSD: releng/8.3/share/examples/pf/faq-example3 173536 2007-11-11 01:16:51Z mlaier $
@


1.2.2.1.6.1
log
@SVN rev 216617 on 2010-12-21 17:09:25Z by kensmith

Copy stable/8 to releng/8.2 in preparation for FreeBSD-8.2 release.

Approved by:	re (implicit)
@
text
@@


1.2.2.1.4.1
log
@SVN rev 209145 on 2010-06-14 02:09:06Z by kensmith

Copy stable/8 to releng/8.1 in preparation for 8.1-RC1.

Approved by:	re (implicit)
@
text
@@


1.2.2.1.2.1
log
@SVN rev 198460 on 2009-10-25 01:10:29Z by kensmith

Copy stable/8 to releng/8.0 as part of 8.0-RELEASE release procedure.

Approved by:	re (implicit)
@
text
@@


1.1
log
@Bring in some examples (and create space for future work here):
- Add OpenBSD example rulesets as advertised in etc/pf.conf and pf.conf(5)
- Tweak the pointer to fit the FreeBSD default location share/examples/pf
- Account for the new directory in BSD.usr.dist (no hier(7) change required
  as share/examples is an opaque item there).

Obtained from:	OpenBSD
Reminded by:	Thomas T. Veldhouse
PR:		docs/71691
MFC after:	2 days
@
text
@d2 1
a2 1
# $OpenBSD: faq-example3,v 1.2 2003/08/06 16:04:45 henning Exp $
d9 1
a9 1
   
d21 3
a23 3
#   www_ext_http - http traffic from the WWW server
#   www_ext_misc - all non-http traffic from the WWW server
# boss_ext       - traffic coming from the boss's computer
d25 1
a25 1
queue std_ext        cbq(default)
d27 3
a29 3
  queue www_ext_http priority 3 cbq(red)
  queue www_ext_misc priority 1
queue boss_ext       priority 3
d45 3
a47 3
#   it_int   - traffic to the IT Dept network.
#   boss_int - traffic to the boss's PC.
# www_int    - traffic from the WWW server in the DMZ.
d50 1
a50 1
  queue std_int  cbq(default)
d52 2
a53 2
  queue boss_int priority 3
queue www_int    cbq(red)
d67 1
a67 1
#   net_dmz_http - http traffic.
d70 1
a70 1
queue internal_dmz      # no special settings needed
d72 2
a73 2
  queue net_dmz_http priority 3 cbq(red)
  queue net_dmz_misc priority 1 cbq(default)
d91 1
a91 1
        > 49151 } flags S/SA keep state queue www_ext_misc
d93 1
a93 1
        flags S/SA keep state queue www_ext_http
d96 2
a97 2
pass out on fxp0 from $int_nets to any keep state
pass out on fxp0 from $boss to any keep state queue boss_ext
d100 1
a100 1
pass in on dc0 from $int_nets to any keep state
d104 1
a104 1
        > 49151 } flags S/SA keep state queue www_int
d110 1
a110 2
pass in on fxp1 proto { tcp, udp } from $wwwserv to any port 53 \
        keep state
d114 2
a115 3
        > 49151 } flags S/SA keep state queue net_dmz_misc
pass out on fxp1 proto tcp from any to $wwwserv port 80 \
        flags S/SA keep state queue net_dmz_http
d117 1
a117 1
        21, > 49151 } flags S/SA keep state queue internal_dmz
@


1.1.4.1
log
@Switch importer
@
text
@d1 1
a1 1
# $FreeBSD: stable/6/share/examples/pf/faq-example3 135184 2004-09-14 01:07:19Z mlaier $
@


1.1.16.1
log
@SVN rev 183531 on 2008-10-02 02:57:24Z by kensmith

Create releng/6.4 from stable/6 in preparation for 6.4-RC1.

Approved by:	re (implicit)
@
text
@@


1.1.12.1
log
@MFC:
  Update pf examples from OpenBSD to catch up with new stateful defaults and
  other syntax changes.  Move pf.conf from /etc to examples, too.

Approved by:	re (kensmith)
@
text
@d2 1
a2 1
# $OpenBSD: faq-example3,v 1.4 2006/10/07 04:48:01 mcbride Exp $
d9 1
a9 1

d21 3
a23 3
#   www_ext_http - http traffic from the WWW server; higher priority.
#   www_ext_misc - all non-http traffic from the WWW server.
# boss_ext       - traffic coming from the boss's computer.
d25 1
a25 1
queue std_ext        bandwidth 500Kb cbq(default borrow)
d27 3
a29 3
  queue www_ext_http bandwidth 50% priority 3 cbq(red borrow)
  queue www_ext_misc bandwidth 50% priority 1 cbq(borrow)
queue boss_ext       bandwidth 500Kb priority 3 cbq(borrow)
d45 3
a47 3
#   it_int   - traffic to the IT Dept network; reserve them 500Kbps.
#   boss_int - traffic to the boss's PC; assign a higher priority.
# www_int    - traffic from the WWW server in the DMZ; full speed.
d50 1
a50 1
  queue std_int  bandwidth 250Kb cbq(default borrow)
d52 2
a53 2
  queue boss_int bandwidth 250Kb priority 3 cbq(borrow)
queue www_int    bandwidth 99Mb cbq(red borrow)
d67 1
a67 1
#   net_dmz_http - http traffic; higher priority.
d70 1
a70 1
queue internal_dmz   bandwidth 99Mb cbq(borrow)
d72 2
a73 2
  queue net_dmz_http bandwidth 50% priority 3 cbq(red borrow)
  queue net_dmz_misc bandwidth 50% priority 1 cbq(default borrow)
d91 1
a91 1
        > 49151 } queue www_ext_misc
d93 1
a93 1
        queue www_ext_http
d96 2
a97 2
pass out on fxp0 from $int_nets to any
pass out on fxp0 from $boss to any queue boss_ext
d100 1
a100 1
pass in on dc0 from $int_nets to any
d104 1
a104 1
        > 49151 } queue www_int
d110 2
a111 1
pass in on fxp1 proto { tcp, udp } from $wwwserv to any port 53
d115 3
a117 2
        > 49151 } queue net_dmz_misc
pass out on fxp1 proto tcp from any to $wwwserv port 80 queue net_dmz_http
d119 1
a119 1
        21, > 49151 } queue internal_dmz
@


1.1.12.2
log
@Switch importer
@
text
@d1 1
a1 1
# $FreeBSD: stable/7/share/examples/pf/faq-example3 173538 2007-11-11 02:16:00Z mlaier $
@


1.1.12.1.10.1
log
@SVN rev 216618 on 2010-12-21 17:10:29Z by kensmith

Copy stable/7 to releng/7.4 in preparation for FreeBSD-7.4 release.

Approved by:	re (implicit)
@
text
@@


1.1.12.1.10.2
log
@Switch importer
@
text
@d1 1
a1 1
# $FreeBSD: releng/7.4/share/examples/pf/faq-example3 173538 2007-11-11 02:16:00Z mlaier $
@


1.1.12.1.8.1
log
@SVN rev 203736 on 2010-02-10 00:26:20Z by kensmith

Copy stable/7 to releng/7.3 as part of the 7.3-RELEASE process.

Approved by:	re (implicit)
@
text
@@


1.1.12.1.6.1
log
@SVN rev 191087 on 2009-04-15 03:14:26Z by kensmith

Create releng/7.2 from stable/7 in preparation for 7.2-RELEASE.

Approved by:	re (implicit)
@
text
@@


1.1.12.1.4.1
log
@SVN rev 185281 on 2008-11-25 02:59:29Z by kensmith

Create releng/7.1 in preparation for moving into RC phase of 7.1 release
cycle.

Approved by:	re (implicit)
@
text
@@


1.1.2.1
log
@MFC pf examples:
  Bring in some examples (and create space for future work here):
   - Add OpenBSD example rulesets as advertised in etc/pf.conf and
     pf.conf(5)
   - Tweak the pointer to fit the FreeBSD default location share/examples/pf
   - Account for the new directory in BSD.usr.dist (no hier(7) change
     required as share/examples is an opaque item there).

  Obtained from:  OpenBSD
  Reminded by:    Thomas T. Veldhouse
  PR:             docs/71691

Approved by:	re (scottl)
@
text
@@

