Is it possible to have multiple filters around an ingress so that you
can police your downloads more specific. What I''m trying to achieve is
to have all my ftp-traffic limited to 1024kbit on downloads. I included
some commands below so that you might better understand my thoughts on
the matter.
tc qdisc add dev eth0 root handle 1: htb default 2
tc class add dev eth0 parent 1: classid 1:1 htb rate 2048kbit ceil
2048kbit prio 1
tc class add dev eth0 parent 1:1 classid 1:2 htb prio 2 rate 1kbit ceil
2048kbit
tc qdisc add dev eth0 handle ffff: ingress
tc filter add dev eth0 parent ffff: protocol ip prio 50 u32 match ip src
0.0.0.0/0 police rate 2048kbit burst 47.0kb drop flowid 1:
tc class add dev eth0 parent 1:1 classid 1:3 htb rate 1024kbit ceil
1024kbit prio 1
tc qdisc add dev eth0 parent 1:3 handle 3 sfq perturb 10
tc filter add dev eth0 parent 1:3 protocol ip u32 match ip dport 21
0xffff flowid 1:3
tc filter add dev eth0 parent ffff: protocol ip prio 50 u32 match ip src
0.0.0.0/0 police rate 1024kbit burst 23.5kb drop flowid 1:3
--
Alexander Brill <kiowa@project23.no>
http://www.project23.no
PGP-key: http://alexb.egil.org/key.pub
