>While the subject of your post says "Mark ACKs", the rule above does >something different; it is marking all short packets (which willinclude>ACK packets). You can still place that rule in /etc/shorewall/start >replacing the "Iptables" (Sic) with "run_iptables".Hmm I cant find the start file in my /etc/shorewall dir, I have debian woody with shorewall V1.2 Can I pu it in /etc/shorewall/common?>Looks like you are installing someone''s traffic-shaping script. I >personally use Wondershaper which gives priority to short packetswithout>having use any iptables commands - there''s a link from my traffic >control/shaping page.Yeah it is for traffic shaper with HTB
--On Friday, December 13, 2002 06:31:45 PM +0100 Morbid Angel <mangel@gmx.de> wrote:>> While the subject of your post says "Mark ACKs", the rule above does >> something different; it is marking all short packets (which will > include >> ACK packets). You can still place that rule in /etc/shorewall/start >> replacing the "Iptables" (Sic) with "run_iptables". > > Hmm I cant find the start file in my /etc/shorewall dir, I have debian > woody with shorewall V1.2 > Can I pu it in /etc/shorewall/common?Are you incapable of creating files on your system? -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://shorewall.sf.net Washington USA \ teastep@shorewall.net
--On Friday, December 13, 2002 09:35:51 AM -0800 Tom Eastep <teastep@shorewall.net> wrote:> > > --On Friday, December 13, 2002 06:31:45 PM +0100 Morbid Angel > <mangel@gmx.de> wrote: > >>> While the subject of your post says "Mark ACKs", the rule above does >>> something different; it is marking all short packets (which will >> include >>> ACK packets). You can still place that rule in /etc/shorewall/start >>> replacing the "Iptables" (Sic) with "run_iptables". >> >> Hmm I cant find the start file in my /etc/shorewall dir, I have debian >> woody with shorewall V1.2Also, you should really consider upgrading to a supported version of Shorewall. I no longer support version 1.2. You will want to carefully review http://shorewall.sf.net/upgrade_issues.htm though as there are some incompatibilities between 1.2 and 1.3. No version of Shorewall contains any of the extension scripts (see http://shorewall.sf.net/shorewall_extension_scripts.htm) -- if you need them, you simply create them yourself. -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://shorewall.sf.net Washington USA \ teastep@shorewall.net