Tom Eastep wrote: > The IPMARK target makes it very efficient to assign packet marks based > on IP address. Unfortunately, there is no efficient way to map the many > mark values to HTB classes. As a result, the IPMARK feature introduced > in Shorewall 4.3.9 is still very inefficient. There was once an > IPCLASSIFY target in Netfilter which made the translation of IP address > to CLASS ID very efficient. I'll see what I can do about resurrecting it. > > In 4.3.10, IPMARK will be replaced with a different facility that is > very efficient. Unfortunately, the new facility only works when shaping > occurs on the firewall's internal interface(s) since it is based > entirely on tc filters rather than on packet marking. Still, the new > facility allows administrators to define separate classes for each > internal system to control download bandwidth usage.
Please disregard this for now -- I have learned more and believe that I can provide both options. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Register Now & Save for Velocity, the Web Performance & Operations Conference from O'Reilly Media. Velocity features a full day of expert-led, hands-on workshops and two days of sessions from industry leaders in dedicated Performance & Operations tracks. Use code vel09scf and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
