Chuck Kollars wrote: > > As another example, what I use is documented at > http://www.ckollars.org/shaping.html >
Good writeup, Chuck. I've taken the liberty of adding a link to it from the Shorewall Traffic Shaping page. A couple of comments, though: a) It is doubtful that all of the UDP ports that you are specifying are needed (20, 21, and 110) come to immediately to mind. b) TCP port 20 is only a destination port for ACK packets. FTP servers bind to that port for active mode data connections. c) Your rules assume that no servers are running behind the Shorewall box since only requests with the listed DEST ports are being marked. Responses from local servers have the reserved ports as their SOURCE port. So, for example, outgoing responses from a web server have SOURCE port 80 (HTTP) or 443 (HTTPS). ------------------------------------------------------------------------------ This SF.net email is sponsored by: SourcForge Community SourceForge wants to tell your story. http://p.sf.net/sfu/sf-spreadtheword _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
