Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

scrub pf rule customization #405

Closed
fichtner opened this issue Sep 26, 2015 · 1 comment
Closed

scrub pf rule customization #405

fichtner opened this issue Sep 26, 2015 · 1 comment
Assignees
@AdSchellevis
Labels
feature Adding new functionality
Milestone
16.7

Comments

@fichtner
Copy link
Member 

Hi, I think it would be a great feature to be able to customize the "scrub" pf rules in OPNsense;
Some ISPs (notably Google Fiber) require that the Type of Service field of packets be set, in order
to get full upload speed. 
Google Fiber limits your upload speed to 10mbit without the ToS field being set (vs 1gbit when it
is set). I think it is a bit silly to need to have a managed switch, just to set the ToS for packets, when
OPNsense should be easily capable of doing so.

Perhaps this only needs some quick check-box option on the interface settings specifically for Google
Fiber? (at least for now), but I think (at least further down the line) something a bit more robust would
make sense.

These are the PF scrub rules required to set the ToS field correctly for Google Fiber:

scrub out on $WAN proto udp from port 67 to port 68 set-tos 0x40 # set DHCP packets to class 2
scrub out on $WAN proto igmp set-tos 0xC0 # set IGMP packets to class 6
scrub out on $WAN set-tos 0x60 # set all other packets to class 3

via: https://forum.opnsense.org/index.php?topic=1414.0
@fichtner fichtner added feature Adding new functionality help wanted Contributor missing / timeout labels Sep 26, 2015
@fichtner fichtner added this to the 16.1 milestone Sep 26, 2015
@fichtner fichtner changed the title scrup pf rule customization scrub pf rule customization Sep 26, 2015
@fichtner fichtner removed this from the 16.1 milestone Feb 4, 2016
@fichtner fichtner removed the feature Adding new functionality label Feb 16, 2016
@fichtner fichtner added this to the Future milestone Feb 16, 2016
@AdSchellevis AdSchellevis self-assigned this May 29, 2016
@AdSchellevis AdSchellevis added feature Adding new functionality and removed help wanted Contributor missing / timeout labels May 29, 2016
AdSchellevis added a commit that referenced this issue May 29, 2016
@AdSchellevis
(legacy style code) work on #405 packet normalisation, needed for fur…
82c9881 
…ther restructure and cleanup of filter code.
@AdSchellevis AdSchellevis modified the milestones: 16.7, Future May 29, 2016
AdSchellevis added a commit that referenced this issue May 30, 2016
@AdSchellevis
(firewall, normalization) add acl + menu for #405 and move Schedules …
faa4e13 
…to same menu level
@AdSchellevis
Copy link
Member

faa4e13

@AdSchellevis AdSchellevis mentioned this issue Sep 20, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@AdSchellevis AdSchellevis

Labels
feature Adding new functionality
Milestone
16.7
Development

No branches or pull requests
2 participants
@fichtner @AdSchellevis