Feature Request: scrub pf rule customization

[djGrrr]

Hi, I think it would be a great feature to be able to customize the "scrub" pf rules in OPNsense; Some ISPs (notably Google Fiber) require that the Type of Service field of packets be set, in order to get full upload speed.
Google Fiber limits your upload speed to 10mbit without the ToS field being set (vs 1gbit when it is set). I think it is a bit silly to need to have a managed switch, just to set the ToS for packets, when OPNsense should be easily capable of doing so.

Perhaps this only needs some quick check-box option on the interface settings specifically for Google Fiber? (at least for now), but I think (at least further down the line) something a bit more robust would make sense.

These are the PF scrub rules required to set the ToS field correctly for Google Fiber:

scrub out on $WAN proto udp from port 67 to port 68 set-tos 0x40 # set DHCP packets to class 2
scrub out on $WAN proto igmp set-tos 0xC0 # set IGMP packets to class 6
scrub out on $WAN set-tos 0x60 # set all other packets to class 3

[cornic]

I agree this functionality would be great for google fiber users as a Layer 2 switch wouldn't be required in line to replace their network box with a more robust router/firewall platform like opnsense.

[franco]

Great idea. I've added a ticket to the bug tracker: https://github.com/opnsense/core/issues/405

I can't prove an ETA, but maybe somebody will pick it up from there as it increases visibility. :)