I have entries in my tcrules file like the following:

1:F 10.0.0.0/24 0.0.0.0/0 tcp 4500 # Ragnarok
1:F 0.0.0.0/0 10.0.0.0/24 tcp - 4500
1:F 10.0.0.0/24 0.0.0.0/0 udp 4500
1:F 0.0.0.0/0 10.0.0.0/24 udp - 4500
1:F 10.0.0.0/24 0.0.0.0/0 tcp 6900 # Ragnarok
1:F 0.0.0.0/0 10.0.0.0/24 tcp - 6900
1:F 10.0.0.0/24 0.0.0.0/0 udp 6900
1:F 0.0.0.0/0 10.0.0.0/24 udp - 6900

I have a few questions about this. Firstly, some details about my setup. I have approximately a 2 meg upstream connection from my ISP, and ration a large chunk of it to uploads for a dedicated upload server with low priority. I've got a default chunk in the middle which is medium priority and medium bandwidth. Web surfing, most video games, and anything else falls into this category. Then I have a high priority category with low bandwidth which is reserved for ssh connections, icmp, tcp syn/ack/fin, and other low bandwidth, high priority connections. Among them are a few games which I play all the time. This is for one game in particular, but many of my games follow a similar pattern. Also, I'm only shaping outbound traffic.

Here are my questions:

1) Are the pairs of rules for the tcp source/destination pairs necessary, or will one pair work? (...tcp 4500/...tcp - 4500)
2) Can I use one rule for tcp,udp or do I need separate rules for both?
3) Can I use one rule per game and have multiple ports specified, or will that yield unpredictable results? (i.e., tcp 4500,6900)

I'd like to add that I've read all the howtos on the shorewall website, as well as reading as much of the documentation as I can understand, but I couldn't find a clear answer to these, and it's difficult for me to generate enough bandwidth to test the different configurations "on demand" to see if or how they work.
