On Fri, 2007-08-17 at 18:04 +0300, alex wrote: > > If the destination address is LOCAL, then the traffic is going out of > > the LOCAL interface. So this would only apply if you are shaping the > > LOCAL interface. > > Yes, and when i shaping the LOCAL going out traffic i shaping inbound > EXTERNEL traffic on EXTERNAL interface (if i make corresponding tc-rule): > > 5 $EXT_IF $INT_IF:192.168.5.45 all
That rule would only affect tcclasses on $INT_IF. And you would want that to read: 5:F $EXT_IF $INT_IF:192.168.5.45 all --- > > > And yet one question. If i use follow ONE tc-rule: > > 1 0.0.0.0/0 0.0.0.0/0 icmp echo-request > > would it be suit for any interfaces in tc-classes (i want so): Yes. Except for traffic that originates on the firewall itself. The above rule only affects forwarded traffic. > > $DMZ_IF 1 10kbit full 1 tcp-ack,tos-minimize-delay > > $EXT_IF 1 10kbit full 1 tcp-ack,tos-minimize-delay > > $INT_IF 1 10kbit full 1 tcp-ack,tos-minimize-delay -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: This is a digitally signed message part
------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
