Can anyone who has worked with the FreeBSD 7 branch and used pf+altq on it advise? I moved to a new server, installed FreeBSD 7.1 on it, and copied the pf configs over from the old one; obviously I fixed all the interfaces and IPs.
So here's the snag (not counting the quirk that the new pf automatically adds keep state): packets don't pass through the shaper queues, i.e. not a single packet ends up in an altq queue at all. I've been struggling for two days now, point out where I went wrong. The config is below:
ext_if="em0"
ext_ad="xxx.xxx.xxx.xxx"
int_if="em1"
table <internet_hosts> { xx.xx.xx.xx/16 }
table <nated_hosts> { xx.xx.xx.xx/16 }
table <server_ip> { xx.xx.xx.xx, xx.xx.xx.xx }
table <bad_hosts> persist
table <rfc1918> {10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16}
table <users_on> persist
table <users_off> persist
set limit states 50000
#ALTQ
#-OUT-
altq on $ext_if cbq bandwidth 500Mb queue { defl }
queue defl bandwidth 100% cbq(default) { user1_out, user2_out, user3_out }
queue user1_out bandwidth 1024Kb
queue user2_out bandwidth 512Kb
queue user3_out bandwidth 2Mb
#-IN-
altq on $int_if cbq bandwidth 500Mb queue { inqueue }
queue inqueue bandwidth 100% cbq(default) { user1_in, user2_in, user3_in }
queue user1_in bandwidth 1024Kb
queue user2_in bandwidth 2048Kb
queue user3_in bandwidth 2Mb
nat on $ext_if from <nated_hosts> to any -> $ext_ad
pass quick proto tcp from <internet_hosts> to <server_ip> port 80 keep state
#-=black hole=- >:-)
block in quick from <bad_hosts>
pass in quick proto tcp to <server_ip> port 22 flags S/SA keep state \
(max-src-conn-rate 3/60, overload <bad_hosts> flush global)
set skip on lo0
pass quick on lo0 all no state
pass quick proto tcp from <server_ip> to any keep state
pass quick proto udp from <server_ip> to any keep state
pass quick proto icmp from <server_ip> to any keep state
pass quick proto icmp from any to <server_ip> keep state
pass quick proto tcp from any to <server_ip> port 22 keep state
pass quick proto tcp from any to <server_ip> port 80 keep state
pass quick proto udp from <internet_hosts> to <server_ip> port 111 no state
pass quick proto udp from any to <server_ip> port 53 no state
pass quick proto tcp from any to <server_ip> port 53 no state
block quick from <rfc1918> to <internet_hosts>
block quick from <internet_hosts> to <rfc1918>
block quick from <users_off> to any
block quick from any to <users_off>
#ALTQ
pass quick from xx.xx.xx.1 to any queue user1_out no state
pass quick from any to xx.xx.xx.1 queue user1_in no state
pass quick from xx.xx.xx.2 to any queue user2_out no state
pass quick from any to xx.xx.xx.2 queue user2_in no state
pass quick from xx.xx.xx.3 to any queue user3_out no state
pass quick from any to xx.xx.xx.3 queue user3_in no state
pass quick from <users_on> to any no state
pass quick from any to <users_on> no state
block all
And here is the queue statistics output on this server:
# pfctl -sq -v
queue root_em0 on em0 bandwidth 500Mb priority 0 cbq( wrr root ) {defl}
[ pkts: 0 bytes: 0 dropped pkts: 0 bytes: 0 ]
[ qlength: 0/ 50 borrows: 0 suspends: 0 ]
queue defl on em0 bandwidth 500Mb cbq( default ) {user1_out, user2_out, ruser3_out }
[ pkts: 0 bytes: 0 dropped pkts: 0 bytes: 0 ]
[ qlength: 0/ 50 borrows: 0 suspends: 0 ]
queue user1_out on em0 bandwidth 1.02Mb
[ pkts: 0 bytes: 0 dropped pkts: 0 bytes: 0 ]
[ qlength: 0/ 50 borrows: 0 suspends: 0 ]
queue user2_out on em0 bandwidth 512Kb
[ pkts: 0 bytes: 0 dropped pkts: 0 bytes: 0 ]
[ qlength: 0/ 50 borrows: 0 suspends: 0 ]
queue user3_out on em0 bandwidth 2Mb
[ pkts: 0 bytes: 0 dropped pkts: 0 bytes: 0 ]
[ qlength: 0/ 50 borrows: 0 suspends: 0 ]
As you can see, not a single packet gets into a queue :(