Friday, May 25, 2012

FreeBSD Enable PF ALTQ Firewall Support

Q. Under FreeBSD 7.0 patch level 5, I'm getting following warning message:
Enabling pf.
No ALTQ support in kernel
ALTQ related functions disabled
No ALTQ support in kernel
I need ALTQ support for my FreeBSD box. How do I enable ALTQ for Class Based Queuing (CBQ) to divide a connection's bandwidth into different classes or queues to prioritize traffic based on filter rules?

A. ALTQ - alternate queuing of network packets provides several disciplines for queuing outgoing network packets. This is done by modifications to the interface packet queues. This is useful for traffic shaping and other advanced usage.
WARNING! These examples may not work with your FreeBSD release as ALTQ is not supported by all of the available network card drivers. Please see the altq manual page for a list of drivers that are supported in your release of FreeBSD.

Fetch latest kernel source code

This is optional, but recommend so that you can build new kernel with latest version. To sync your source tree with the latest sources enter:
# csup /path/to/supfile
Please see cvsup tutorial for more information about syncing your source tree with the latest FreeBSD sources.

Open your kernel configuration file

Change directory to kernel configuration file:
# cd /usr/src/sys/`uname -m`/conf
If you are using vanilla kernel open GENERIC file:
# vi GENERIC
If you've previously created kernel configuration file called nixcraft, open it:
# vi nixcraft
Make sure following line pf kernel option exits:
device pf
device pflog
device pfsync
Add the following kernel options will enable ALTQ and add additional functionality:
options         ALTQ
options         ALTQ_CBQ        # Class Bases Queuing (CBQ)
options         ALTQ_RED        # Random Early Detection (RED)
options         ALTQ_RIO        # RED In/Out
options         ALTQ_HFSC       # Hierarchical Packet Scheduler (HFSC)
options         ALTQ_PRIQ       # Priority Queuing (PRIQ)
options         ALTQ_NOPCC      # Required for SMP build
Save and close the file.

Build FreeBSD kernel

To compile the kernel, enter :
# make buildkernel KERNCONF=nixcraft
To install the new kernel, enter:
# make installkernel KERNCONF=nixcraft
Where,
  • KERNCONF=nixcraft: My kernel configuration file name.
Finally, reboot system to boot into a new kernel:
# reboot
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)