Skip to content

Instantly share code, notes, and snippets.

@lazywithclass

lazywithclass/blog.md

Last active February 21, 2022 21:39
Show Gist options
  • Save lazywithclass/8247698aef5ac50476406dc74f26fa93 to your computer and use it in GitHub Desktop.
Save lazywithclass/8247698aef5ac50476406dc74f26fa93 to your computer and use it in GitHub Desktop.
Download ZIP
Bandwidth throttling on FreeBSD
Raw
blog.md

Bandwidth throttling on FreeBSD

Installing FreeBSD in VirtualBox will help a lot, I've also set

  • PasswordAuthentication yes
  • PermitRootLogin yes

followed by a /etc/rc.d/sshd restart to allow root to login from my tmux environment on the host box. Make sure you have sshd installed and running on the virtual image. This way I could have multiple tmux panes and copy / paste working (which wasn't in my case).

What's pf?

pf stands for Packet Filter, here are the docs.

Configuration

In /etc/rc.conf add the following, pf will start at boot

pf_enable="YES"
pf_rules="/etc/pf.conf"
pflog_enable="YES"
pflog_logfile="/var/log/pflog"

Thanks a lot to this guide for the helpful hints, one of which is sleep 120; pfctl -d which allows to disable pf after 2 minutes, so if you screw things up you will be able to reconnect.

It's astonishing the number of times that command saved me, just in the first three or four attempts I would've locked myself out everytime. I've slightly changed it to (sleep 30 && pfctl -d)& && pfctl -ef simple.conf to be a one liner.

Rules

pf processes rules from top to bottom.

pfctl

  • $ pfctl -nvf /etc/pf.conf - test the configuration file syntax without loading it
  • $ pfctl -ef pf.conf - use the rules, it will fail if the configuration has a syntax error
  • $ pfctl -sr - show current ruleset
  • $ pfctl -ss - show current state table
  • $ pfctl -si - show filter stats and counters
  • $ pfctl -sa - show all it can show

ALTQ

$ pfctl -s queue -vv
No ALTQ support in kernel
ALTQ related functions disabled

(that command checks pf queues showing how many packets went in which)

Oops, it looks I don't have the required module compiled into the kernel.

  1. get freebsd sources
  2. then enable ALTQ support, this guide will also help and after that the next step

You can't shape incoming traffic, only outgoing. Which is logical if you think about it. When the traffic hits your firewall it's already on the line.

Another useful guide.

Using it

These are the rules I've put in my configuration file

altq on em0 cbq bandwidth 2Mb queue { std, ssh }
queue std bandwidth 75% cbq(default)
queue ssh bandwidth 25%

em0 is your management interface, I've got that by running netstat -rn | grep default | awk '{print $4}'.

Then I've created a 1GB file with dd if=/dev/zero of=bigfile.txt bs=1G count=1, and scped it from outside the virtual image, once the transfer was in progress I activated pf and everything worked!

I've found out the following correspondance:

  • with 2Mb limit I got ~240KB/s download speed, which is roughly 1.96Mb
  • with 4Mb limit I got ~465KB/s download speed, which is roughly 3.81Mb
  • with 8Mb limit I got ~930KB/s download speed, which is roughly 7.62Mb

by looking at the download speed for each, great!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment