“You manage a heterogeneous network and want to provide different Quality of Service agreements and network restrictions based on the client operating system. With pf and altq, you can now limit the amount of bandwidth available to users of different operating systems, or force outbound web traffic through a transparent filtering proxy. This article describes how to install pf, altq, and Squid on your FreeBSD router and web proxy to achieve these goals.”
Nice read!! Shows the basic use of pf + altq for a very simple task of busting up bandwidth via OS fingerprinting.
For those who may not know FreeBSD, pf or altq queue or simply just can’t bother typing rules and config files, you can find an easy way out with pfSense (http://pfSense.com/). It's routing software based on FreeBSD 6, pf and altq for traffic shaping, with the ability to be extended with add-ons like Squid and many more. It's easy to install and requires very little knowledge of FreeBSD (and pf for that matter) to use, as most configuration is achieved through a web interface where the semantics of pf and altq are hidden from the users.
It's still in beta but could achieve the same results with little effort.
Edited 2006-02-19 13:27
I’m curious, if anyone knows… What kind of software would be required to perform something like this on a Windows server? Not that I would ever want to do something like this, I’m just curious if it’s even possible.
pfSense is based off of m0n0wall. I am a happy m0n0wall user:
http://m0n0.ch/wall/
Sure, but most are expensive commercial products (wingate http://www.wingate.com/ and inetshaper http://inetshaper.com/ come to mind). While it is possible, the idea of using Windows as a router is not very appealing for the fact that it is probably impossible to run on low-end systems because of the power-hungry GUI and an unmodifiable kernel. Some may find it appealing 'cause it is easy to install routing software because everything is so “point and click”.
Throw in CARP support, pfsync in pf and you can have multiple firewalls with automatic failover.