Hi,
> Thats great, but is there can be anything like this? > > acl bad_guys tos-acl 0x20 > block if bad_guys Ah ok, you want to match incoming TOS. That is indeed not supported currently. Also, not all *nixes provide an API for this. Linux has IP_RECVTOS/IPV6_RECVTCLASS to do it, but BSD hasn't, also see: http://stackoverflow.com/questions/1029849/what-is-the-bsd-or-portable-way-to-get-tos-byte-like-ip-recvtos-from-linux Not sure what effort it would be to implement this. Regards, Lukas
