Bandwidth limit / queue on OpenBSD 6.1
Use case
Internet is down at home, I want to use my phone as 4G router trough my OpenBSD laptop which will act as router. I don’t want the quota (some Gb) to be eaten in a few seconds, this connection allow to download up to 10 Mb/s so it can go quickly !
We will limit the total bandwidth to 1M (~ 110 kb/s) for people behind the NAT. It will be slow, but we will be sure that nothing behind the NAT like a program updating, cloud stuff synchronizing or videos in auto play won’t consume our quota.
Edit /etc/pf.conf accordigly to your network
internet="urndis0"
lan="em0"
# we define our available bandwidth
queue main on $lan bandwidth 100M
# we will let 1M but we will allow
# 3M during 200 ms when initiating connection to keep the web a bit interactive
queue limited parent main bandwidth 1M min 0K max 1M burst 3M for 200ms default
set skip on lo
# we do NAT here
match out on egress inet from !(egress:network) to any nat-to (egress:0)
block all
pass out quick inet
# we apply the queue here on EVERYTHING coming from the internet
pass in on $lan set queue limitedThis ONLY defines queue for DOWNLOADING, you can only set the queue on the lan interface, this won’t work on egress (network interface having internet) because you can’t limit what go in your interface, it’s already there when you want to limit.
Per protocol ?
You can define queues per remote port by creating new queues and doing something like this :
pass in on $lan proto tcp port ssh set queue ssh
pass in on $lan proto tcp port www set queue webPer host ?
As before, you can apply queues on IP host/range rather than protocols, or you can even mix both if you want.
Warning
The limit function changed in OpenBSD 5.5, everything you can read on the internet about ALTQ isn’t working anymore.
via dataswamp
