Hi, I have a question about policy filters. All I want is incoming traffic being restricted to a specific rate. At the moment, I get way lower rates than specified. So far, I did use a filter much like Wondershaper does: tc filter add dev $DEV parent ffff: protocol ip prio 50 \ u32 match ip src 0.0.0.0/0 \ police rate ${DOWNLINK}kbit burst 10k drop flowid :1 However, it seems that this doesn''t work well for all rates. After a change of the DOWNLINK value, I found that this filter dropped far too many packets (resulting rate was somewhat 1/10 of DOWNLINK). It looks like this has something to do with the ''burst'' parameter. LARTC Howto says: "If your buffer is too small, packets may be dropped because more tokens arrive per timer tick than fit in your bucket." So I thought, hum, maybe 10k burst is too small. However, when I raised the value to 20, 30, 40k, the rate got even worse. Since I don''t have any real idea what this burst parameter actually does, is here anyone with the experience which values are best to use? Since it seems to depend on the rate used, I''d prefer some kind of formula that calculates the ideal burst/buffer/maxburst (what''s the difference?) value depending on $DOWNLINK. For the time being, I just removed the ingress altogether, since I already have HTB shaping in both directions (on ppp0 for outgoing, and eth1 for incoming). Does ingress even make sense when there''s already HTB on the LAN device to do the shaping? I thought it may be a good thing since it considers local incoming traffic, too. TIA, Andreas _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/