Lennart Sorensen wrote: > On Mon, Apr 27, 2009 at 10:32:05AM -0700, Fred Picher wrote: >> I'd like to use DSCP marking on incoming packets and since I'm using >> Shorewall, I thought of making an addition. I must say I haven't tried DSCP >> marking yet, but it looks supported by Netfilter using a dedicated DCSP >> target since quite some time. >> >> eg.: >> >> iptables -t mangle -A FORWARD -p tcp --dport 80 -j DSCP --set-dscp 1 >> >> So, in order to size the task at hand I thought about asking here if >> anyone has already tried adding DSCP before and if so, what was the >> experience ? Or any other background information on marking packets in such >> a way. >> >> Thanks for any suggestion/hint/info. > > We were about to try and add the same thing here. We haven't looked > into where in shorewall it would fit yet. > > I figure being able to make rules that mark the DSCP/tos field on incoming > packets before any tc rules are applied, as well as marking outbound > packets based on how tc rules marked the packets would both be useful. >
I think that the logical approach is to clone the current /etc/shorewall/tos file handling (or modify it to set the entire DSCP field rather than just the TOS). -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Crystal Reports - New Free Runtime and 30 Day Trial Check out the new simplified licensign option that enables unlimited royalty-free distribution of the report engine for externally facing server and web deployment. http://p.sf.net/sfu/businessobjects
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
