Egress ACLs for traffic bandwidth limiting / QoS
-
Hi All,
We have a transparent Squid proxy server. I would like to prioritize and bandwidth-limit connections from Squid to certain non-business websites, i.e.

users -> pfsense ingress ACL -> Squid -> pfsense egress ACL
         ^ Transparent TCP 3128        ^ Limit certain websites (tumblr, youtube etc.) during business hours to 4mb, and traffic shape (HFSC)

I already have Squid ACLs and per-host throttling enabled, but this is not really what I am after. I would like something more granular, so that business websites have full priority and non-business websites do not, especially during working hours. Ironically, I am able to achieve that WITHOUT the Squid proxy:

SRC     DEST                     PRTL      TrafficShape                    TIME              Action
<lan>   <business websites>      <80,443>  High Priority, B/w guaranteed   <business hours>  Allowed
<lan>   <non-business websites>  <80,443>  Low Priority, B/w limited       <business hours>  Allowed

With the proxy between SRC and DEST, I am unsure of how to apply egress ACLs so that traffic initiated from Squid will be forced to obey bandwidth-limiting rules.
Has anyone had experience with bandwidth-limiting connections made from Squid?
-
From my understanding of pf, it does appear that it is possible to have egress filtering. It's just not possible through the UI, e.g.

# outbound TCP and UDP from the local network, matched on the destination port macros
pass out inet proto tcp from $localnet to port $client_out_tcp
pass out inet proto udp from $localnet to port $client_out_udp

Is there a way to do this through the WebUI (that I do not know of), or should I create a feature request?
My logic is …
SRC         DEST                                   Direction  PRTL      TrafficShape                    TIME              Action
<loopback>  <business websites (FQDNs group)>      Outbound   <80,443>  High Priority, B/w guaranteed   <business hours>  Allowed
<loopback>  <non-business websites (FQDNs group)>  Outbound   <80,443>  Low Priority, B/w LIMITED       <business hours>  Allowed
<loopback>  ANY                                    Outbound   <80,443>  B/w LIMITED                     <business hours>  Allowed
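The three outbound rows above, written out as the underlying pf.conf they map onto (an added example, not from the thread or from pfSense itself). The interface name, the bandwidth figures, the queue names and the site lists are assumptions; the business-site entry is a placeholder.

```pf
# Added example: FreeBSD/pfSense-style pf.conf fragment that shapes Squid's own
# outbound web connections on the WAN side with ALTQ/HFSC. Interface, bandwidths,
# queue names and site lists are assumed values for illustration.
ext_if    = "em0"              # WAN interface that Squid's connections leave on
web_ports = "{ 80, 443 }"

# pf resolves hostnames once, when the ruleset is loaded. Large sites rotate
# addresses, so in practice the tables are refreshed periodically, e.g.
#   pfctl -t nonbiz_sites -T replace -f /path/to/nonbiz.txt
table <biz_sites>    { business-site.example }     # placeholder, replace with real FQDNs
table <nonbiz_sites> { youtube.com, tumblr.com }

# HFSC hierarchy: business traffic gets a guaranteed share, non-business traffic
# a hard 4Mb upper limit, everything else falls into the default queue.
altq on $ext_if hfsc bandwidth 100Mb queue { q_biz, q_nonbiz, q_def }
queue q_biz    bandwidth 50Mb priority 7 hfsc(realtime 30Mb)    # guaranteed minimum
queue q_nonbiz bandwidth 4Mb  priority 1 hfsc(upperlimit 4Mb)   # capped at 4Mb
queue q_def    bandwidth 30Mb priority 3 hfsc(default)

# Squid runs on the firewall, so the source of these flows is the WAN address
# itself, written as ($ext_if). "quick" stops at the first match, so the two
# specific rows come before the catch-all row.
pass out quick on $ext_if inet proto tcp from ($ext_if) to <biz_sites>    port $web_ports queue q_biz
pass out quick on $ext_if inet proto tcp from ($ext_if) to <nonbiz_sites> port $web_ports queue q_nonbiz
pass out       on $ext_if inet proto tcp from ($ext_if) to any            port $web_ports queue q_def

# Stock pf has no time-of-day match, so the "business hours" column is not
# expressible here; a scheduler that loads this ruleset (or swaps the table
# contents) at the right times has to supply it.
```

Verify the queue assignment with `pfctl -vvsq` while Squid fetches a page from each list: the packet and byte counters of the matching queue should move, and the non-business queue should never exceed its upper limit.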