On 08/07/07, Damien Miller <[EMAIL PROTECTED]> wrote:
On Sat, 7 Jul 2007, Lawrence Horvath wrote:

> Is there a way using pf to distinguish between ssh shell logins, and
> scp file transfers?

Not easily: ssh sets IPTOS_THROUGHPUT for non-interactive sessions,
but does it after the TCP handshake. If you are assigning connections
to queues statefully, this is too late, as the state would have already
been created with the default TOS.

I've seen PF successfully put ssh traffic in appropriate queues with
stateful filtering. I've also seen at least one ISP clearing ToS flags
on traffic passing through them.

There are some examples in http://www.openbsd.org/faq/pf/queueing.html
and of course in pf.conf(5)

-d




--
viq
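
The two-queue rule form from pf.conf(5) and the queueing FAQ linked above, shown here as an added example that is not from either poster. The interface name, bandwidth and queue names are assumptions. pf.conf(5) describes the second queue as the one used for packets with a TOS of lowdelay and for TCP ACKs with no data payload, so the choice between the two queues is made per packet rather than fixed when the state is created.

```conf
# Added example (ALTQ-era pf.conf syntax). Assumed values: interface fxp0,
# 2Mb uplink, queue names std / ssh_bulk / ssh_login.
ext_if = "fxp0"

altq on $ext_if priq bandwidth 2Mb queue { std, ssh_bulk, ssh_login }
queue std       priority 1 priq(default)
queue ssh_bulk  priority 2
queue ssh_login priority 6

# One stateful rule, two queues:
#   ssh_bulk  - packets without TOS lowdelay (scp/sftp, which ssh marks
#               IPTOS_THROUGHPUT after the handshake)
#   ssh_login - packets with TOS lowdelay (interactive sessions) and
#               empty TCP ACKs
pass out on $ext_if inet proto tcp from ($ext_if) to any port 22 \
    keep state queue (ssh_bulk, ssh_login)
```

This only separates the two kinds of session while the ToS bits survive to the filtering host; a path that clears ToS, as mentioned in the thread, leaves everything in `ssh_bulk`.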
