Attachment #51415 for bug #78096

View | Details | Raw Unified | Return to bug 78096
Collapse All | Expand All




  </sect1>

  <sect1 id="firewalls-pf">
    <title>The Packet Filter (PF) Firewall and ALTQ</title>

    <indexterm>
      <primary>firewall</primary>

      contained <acronym>PF</acronym> as an integrated part of the
      base system was &os;&nbsp;5.3 in November 2004.
      <acronym>PF</acronym> is a complete, fully featured firewall
      that contains <acronym>ALTQ</acronym> (Alternate Queuing) for
      bandwidth usage management in a way similar to what DUMMYNET
      provides in <acronym>IPFW</acronym>.  The OpenBSD project does an
      outstanding job of maintaining the PF users' guide that it will
      not be made part of this handbook firewall section as that would
      just be duplicated effort.</para>

        enable the following option as well:</para>

      <programlisting>gateway_enable="YES"            # Enable as Lan gateway</programlisting>

    </sect2>
    <sect2>
      <title>Enabling ALTQ</title>

      <para>ALTQ is only avaliable by compiling the options into the
        &os; Kernel.</para>

      <para>ALTQ is not supported by all of the avaliable network card
        drivers.  Please see the &man.altq.4; manual page for a list of
        drivers that are supported in your release of &os;.

    </sect2>
    <sect2>
      <title>ALTQ Kernel options</title>

      <para>ALTQ is composed of many different parts to give the
        functionality required.  The avaliable options are:</para>

      <programlisting>options         ALTQ
options         ALTQ_CBQ        # Class Bases Queuing
options         ALTQ_RED        # Random Early Detection
options         ALTQ_RIO        # RED In/Out
options         ALTQ_HFSC       # Hierarchical Packet Scheduler
options         ALTQ_PRIQ       # Priority Queuing
options         ALTQ_NOPCC      # Required for SMP build</programlisting>

      <para><literal>options ALTQ</literal> enables the ALTQ framework.</para>

      <para><literal>options ALTQ_CBQ</literal> enables Class Based
        Queuing (CBQ).  CBQ allows you to divide a connections's
        bandwidth into different classes or queues.</para>

      <para><literal>options ALTQ_RED</literal> enables Random Early
        Detection (RED).  RED is used to avoid network congestion.  RED
        does this by measuring the length of the queue and comparing
        it to the minimum and maximum thresholds for the queue.  If the
        queue is over the maximum all new packets will be dropped.  True
        to its name, RED drops packets from different connections
        randomly.</para>

      <para><literal>options ALTQ_RIO</literal> enables Random Early
        Detection In and Out.</para>

      <para><literal>options ALTQ_HFSC</literal> enables Hierarchical
        Fair Service Curve Packet Scheduler.  See <ulink
        url="http://www-2.cs.cmu.edu/~hzhang/HFSC/main.html"></ulink>
        for more info.</para>

      <para><literal>options ALTQ_PRIQ</literal> enables Priority
        Queuing (PRIQ).  PRIQ will always pass traffic that is in a
        higher queue first.</para>

      <para><literal>options ALTQ_NOPCC</literal> enables SMP support
        for ALTQ.  This option is required on SMP systems.</para>

    </sect2>
  </sect1>

Return to bug 78096

Lines 198-204 Link Here

(-)doc/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml (-4 / +59 lines)
198	</sect1>	198	</sect1>
199		199
200	<sect1 id="firewalls-pf">	200	<sect1 id="firewalls-pf">
201	<title>The Packet Filter (PF) Firewall</title>	201	<title>The Packet Filter (PF) Firewall and ALTQ</title>
202		202
203	<indexterm>	203	<indexterm>
204	<primary>firewall</primary>	204	<primary>firewall</primary>
Lines 211-219 Link Here
211	contained <acronym>PF</acronym> as an integrated part of the	211	contained <acronym>PF</acronym> as an integrated part of the
212	base system was &os; 5.3 in November 2004.	212	base system was &os; 5.3 in November 2004.
213	<acronym>PF</acronym> is a complete, fully featured firewall	213	<acronym>PF</acronym> is a complete, fully featured firewall
214	that contains <acronym>ALTQ</acronym> for bandwidth usage	214	that contains <acronym>ALTQ</acronym> (Alternate Queuing) for
215	management in a way similar to what DUMMYNET provides in	215	bandwidth usage management in a way similar to what DUMMYNET
216	<acronym>IPFW</acronym>. The OpenBSD project does an	216	provides in <acronym>IPFW</acronym>. The OpenBSD project does an
217	outstanding job of maintaining the PF users' guide that it will	217	outstanding job of maintaining the PF users' guide that it will
218	not be made part of this handbook firewall section as that would	218	not be made part of this handbook firewall section as that would
219	just be duplicated effort.</para>	219	just be duplicated effort.</para>
Lines 356-361 Link Here
356	enable the following option as well:</para>	356	enable the following option as well:</para>
357		357
358	<programlisting>gateway_enable="YES" # Enable as Lan gateway</programlisting>	358	<programlisting>gateway_enable="YES" # Enable as Lan gateway</programlisting>
		359
		360	</sect2>
		361	<sect2>
		362	<title>Enabling ALTQ</title>
		363
		364	<para>ALTQ is only avaliable by compiling the options into the
		365	&os; Kernel.</para>
		366
		367	<para>ALTQ is not supported by all of the avaliable network card
		368	drivers. Please see the &man.altq.4; manual page for a list of
		369	drivers that are supported in your release of &os;.
		370
		371	</sect2>
		372	<sect2>
		373	<title>ALTQ Kernel options</title>
		374
		375	<para>ALTQ is composed of many different parts to give the
		376	functionality required. The avaliable options are:</para>
		377
		378	<programlisting>options ALTQ
		379	options ALTQ_CBQ # Class Bases Queuing
		380	options ALTQ_RED # Random Early Detection
		381	options ALTQ_RIO # RED In/Out
		382	options ALTQ_HFSC # Hierarchical Packet Scheduler
		383	options ALTQ_PRIQ # Priority Queuing
		384	options ALTQ_NOPCC # Required for SMP build</programlisting>
		385
		386	<para><literal>options ALTQ</literal> enables the ALTQ framework.</para>
		387
		388	<para><literal>options ALTQ_CBQ</literal> enables Class Based
		389	Queuing (CBQ). CBQ allows you to divide a connections's
		390	bandwidth into different classes or queues.</para>
		391
		392	<para><literal>options ALTQ_RED</literal> enables Random Early
		393	Detection (RED). RED is used to avoid network congestion. RED
		394	does this by measuring the length of the queue and comparing
		395	it to the minimum and maximum thresholds for the queue. If the
		396	queue is over the maximum all new packets will be dropped. True
		397	to its name, RED drops packets from different connections
		398	randomly.</para>
		399
		400	<para><literal>options ALTQ_RIO</literal> enables Random Early
		401	Detection In and Out.</para>
		402
		403	<para><literal>options ALTQ_HFSC</literal> enables Hierarchical
		404	Fair Service Curve Packet Scheduler. See <ulink
		405	url="http://www-2.cs.cmu.edu/~hzhang/HFSC/main.html"></ulink>
		406	for more info.</para>
		407
		408	<para><literal>options ALTQ_PRIQ</literal> enables Priority
		409	Queuing (PRIQ). PRIQ will always pass traffic that is in a
		410	higher queue first.</para>
		411
		412	<para><literal>options ALTQ_NOPCC</literal> enables SMP support
		413	for ALTQ. This option is required on SMP systems.</para>
359		414
360	</sect2>	415	</sect2>
361	</sect1>	416	</sect1>