Grant wrote:
> I've got packet shaping set up with a basic config and I'm wondering
> if anyone has any recommendations for these settings. The main thing
> to be moving along priority 4 should be p2p. Is this only shaping the
> outbound traffic or is it doing ingress too?
>
> tcdevices:
> eth0 1000kbps 100kbps
>
> tcclasses:
> eth0 1 full*9/10 full 1
> eth0 2 full*8/10 full*9/10 2
> eth0 3 full*7/10 full*9/10 3
> eth0 4 full*1/10 full*5/10 4 default

Your guarantees add up to > full. So this config won't work well at all.

>
> tcdevices:
> 1 0.0.0.0/0 0.0.0.0/0 udp 5060,5061
> 1 0.0.0.0/0 0.0.0.0/0 tcp 22
> 1 0.0.0.0/0 0.0.0.0/0 icmp echo-request
> 1 0.0.0.0/0 0.0.0.0/0 icmp echo-reply
> 2 0.0.0.0/0 0.0.0.0/0 udp 53
> 2 0.0.0.0/0 0.0.0.0/0 tcp 80,443
> 3 0.0.0.0/0 0.0.0.0/0 tcp 873
> 3 0.0.0.0/0 0.0.0.0/0 udp 873
>

It is not possible to look at a set of rules and tell if they are 'good'
or not. That is because we don't know what kind of services you provide.
If you are running servers (including SSHD), your rules are not good at
all since they categorize traffic only by DEST PORT. Responses from
servers need to be categorized by SOURCE PORT.

Also, your UDP rule for port 873 is silly.

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
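
The reply's first point, that the guaranteed rates in tcclasses add up to more than full, can be checked mechanically. The following is an added example, not part of the original message or of Shorewall itself; the function names are hypothetical, and it assumes rates are written only in the `full`, `full*N/D` and `Nkbps` forms seen in the quoted config.

```python
import re
from fractions import Fraction

# Configuration as quoted in the thread.
# tcdevices columns: interface, in-bandwidth, out-bandwidth.
TCDEVICES = "eth0 1000kbps 100kbps"
# tcclasses columns: interface, mark, rate (guarantee), ceil, priority, options.
TCCLASSES = """\
eth0 1 full*9/10 full 1
eth0 2 full*8/10 full*9/10 2
eth0 3 full*7/10 full*9/10 3
eth0 4 full*1/10 full*5/10 4 default
"""

def parse_devices(text):
    """Map each interface to its out-bandwidth, which tcclasses calls 'full'."""
    full = {}
    for line in text.splitlines():
        fields = line.split("#")[0].split()
        if len(fields) >= 3:
            full[fields[0]] = rate_value(fields[2], None)
    return full

def rate_value(expr, full):
    """Evaluate 'Nkbps', or 'full' / 'full*N' / 'full/D' / 'full*N/D'."""
    m = re.fullmatch(r"(\d+)kbps", expr)
    if m:
        return Fraction(m.group(1))
    m = re.fullmatch(r"full(?:\*(\d+))?(?:/(\d+))?", expr)
    if m and full is not None:
        return full * Fraction(int(m.group(1) or 1), int(m.group(2) or 1))
    raise ValueError(f"unsupported rate expression: {expr!r}")

def oversubscribed(devices_text, classes_text):
    """Return {interface: (sum of guarantees, full)} where the sum exceeds full."""
    full = parse_devices(devices_text)
    totals = {}
    for line in classes_text.splitlines():
        fields = line.split("#")[0].split()
        if len(fields) < 5:
            continue  # blank, comment-only or incomplete line
        iface, rate = fields[0], fields[2]
        totals[iface] = totals.get(iface, 0) + rate_value(rate, full[iface])
    return {i: (t, full[i]) for i, t in totals.items() if t > full[i]}

if __name__ == "__main__":
    for iface, (total, full) in oversubscribed(TCDEVICES, TCCLASSES).items():
        print(f"{iface}: guarantees total {total} but full is {full}")
```

For the quoted config the guarantees total 250 against a full of 100, which is the oversubscription the reply points out.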
