- 论坛徽章:
- 0
|
能够正常使用,但是就是无法限速,请老鸟们赐教。
pf.conf
# network interfaces
ext_if = "fxp0"
int_if = "fxp1"
lo_if = "lo0"
# tables
table <rfc1918> const { 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }
# runtime options
set timeout { interval 3, frag 5 }
set timeout { tcp.first 20, tcp.opening 10, tcp.established 600 }
set timeout { tcp.closing 10, tcp.finwait 10, tcp.closed 10 }
set timeout { udp.first 10, udp.single 10, udp.multiple 60 }
set timeout { icmp.first 5, icmp.error 5 }
set timeout { other.first 10, other.single 10, other.multiple 30 }
set timeout { adaptive.start 0, adaptive.end 0 }
set limit { src-nodes 40000, states 40000, frags 10000 }
set optimization aggressive
set block-policy drop
set require-order yes
set fingerprints "/etc/pf.os"
set skip on $lo_if
# scrub
scrub in all
# set altq
altq on $ext_if bandwidth 4Mb cbq queue { ping-out, radmin-out, bulk-out }
queue ping-out bandwidth 400Kb priority 7 cbq ( borrow )
queue bulk-out bandwidth 3.6Mb priority 1 cbq ( default, red )
# set altq
altq on $int_if bandwidth 100Mb cbq queue { b2048, b1024, b512, other }
queue b2048 bandwidth 2Mb cbq ( red, ecn )
queue b1024 bandwidth 1Mb cbq ( red, ecn )
queue b512 bandwidth 1Mb cbq ( red, ecn )
queue other bandwidth 96Mb cbq ( default, red, ecn )
# nat for lan
nat on $ext_if from 10.0.0.0/24 to any -> ($ext_if)
# anti-spoof
antispoof quick for $ext_if
block in quick on $ext_if from <rfc1918> to any
block out quick on $ext_if from any to <rfc1918>
# queuing
pass out quick on $ext_if inet proto icmp from any to any icmp-type echoreq queue ping-out
pass out quick on $ext_if inet proto { tcp udp } from any to any queue ( bulk-out, ping-out )
pass in quick on $int_if from any to 203.156.210.241 queue b2048
pass in quick on $int_if from 203.156.210.206 to any queue b1024
pass in quick on $int_if from any to 203.156.210.206 queue b1024
# default pass
pass quick all
netstat的结果:
Name Mtu Network Address Ipkts Ierrs Ibytes Opkts Oerrs Obytes Coll
vlan3 1500 <Link#12> 00:02:b3:bf:0f:5f 4422051 0 1639764520 4525930 0 3415387576 0
vlan3 1500 203.156.210.2 203.156.210.205 112197 - 9103866 17365 - 2387311 -
有没有办法可以把它限制在1M以下?我这端的IP是205,对方的主机IP是206
pf -s state
all udp 116.29.135.42:2047 <- 203.156.210.206:5158 MULTIPLE:MULTIPLE
all udp 203.156.210.206:5158 -> 116.29.135.42:2047 MULTIPLE:MULTIPLE
all udp 203.156.210.206:5158 <- 219.150.221.220:24981 MULTIPLE:MULTIPLE
all udp 219.150.221.220:24981 -> 203.156.210.206:5158 MULTIPLE:MULTIPLE
all udp 203.156.210.206:5158 <- 116.21.111.117:4172 MULTIPLE:MULTIPLE
all udp 116.21.111.117:4172 -> 203.156.210.206:5158 MULTIPLE:MULTIPLE
all udp 203.156.210.206:5158 <- 60.189.70.129:24661 MULTIPLE:MULTIPLE
all udp 60.189.70.129:24661 -> 203.156.210.206:5158 MULTIPLE:MULTIPLE
all udp 203.156.210.206:5158 <- 116.76.227.124:4177 MULTIPLE:MULTIPLE
all udp 116.76.227.124:4177 -> 203.156.210.206:5158 MULTIPLE:MULTIPLE
all udp 203.156.210.206:5158 <- 61.177.194.194:7569 MULTIPLE:MULTIPLE
all udp 61.177.194.194:7569 -> 203.156.210.206:5158 MULTIPLE:MULTIPLE
all udp 61.130.111.15:2004 <- 203.156.210.206:5158 MULTIPLE:MULTIPLE
all udp 203.156.210.206:5158 -> 61.130.111.15:2004 MULTIPLE:MULTIPLE
all udp 203.156.210.206:5158 <- 222.246.199.5:1367 MULTIPLE:MULTIPLE
all udp 222.246.199.5:1367 -> 203.156.210.206:5158 MULTIPLE:MULTIPLE
all udp 125.95.118.18:7188 <- 203.156.210.206:5158 MULTIPLE:MULTIPLE
all udp 203.156.210.206:5158 -> 125.95.118.18:7188 MULTIPLE:MULTIPLE
all udp 203.156.210.206:5158 <- 58.246.3.44:5155 MULTIPLE:MULTIPLE
all udp 58.246.3.44:5155 -> 203.156.210.206:5158 MULTIPLE:MULTIPLE
all udp 203.156.210.206:5158 <- 222.86.111.202:4674 MULTIPLE:MULTIPLE
all udp 222.86.111.202:4674 -> 203.156.210.206:5158 MULTIPLE:MULTIPLE
几乎都是这个IP的,还有很多,不贴了,现在这个IP把我带宽占满了,需要解决,谢谢各位兄弟了。。。 |
|
免费注册
发表于 2009-03-09 21:06
