Chuck Kollars wrote:
I want to let connections start out unrestricted, but then demote any that become very large to a low priority traffic shaping class. Demoting all "large" transfers seems much simpler than trying to identify every single kind of P2P, video, audio, etc. How can I do this?
Wait for Shorewall 4.1.7.
If I can't do it through Shorewall, what about raw IPtables commands? It looks like I can use the "Nth" conditional to roughly identify connections that are obviously "large". But how can I then flag the connection for different treatment from then on? I need to mark not just that packet, but the whole connection. How can I do this?
I personally would use the connbytes match (that's what Shorewall 4.1.7 uses). That match is always against the connection.
-Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
