The IPMARK target makes it very efficient to assign packet marks based on IP address. Unfortunately, there is no efficient way to map the many mark values to HTB classes. As a result, the IPMARK feature introduced in Shorewall 4.3.9 is still very inefficient. There was once an IPCLASSIFY target in Netfilter which made the translation of IP address to CLASS ID very efficient. I'll see what I can do about resurrecting it.
In 4.3.10, IPMARK will be replaced with a different facility that is very efficient. Unfortunately, the new facility only works when shaping occurs on the firewall's internal interface(s) since it is based entirely on tc filters rather than on packet marking. Still, the new facility allows administrators to define separate classes for each internal system to control download bandwidth usage.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
