Hi, I would like to shape incomming traffic on eth0 and ipsec0 (binded to eth0). I need to set minimal bandwidth to some packets going via ipsec0 interface. It is running fine when I simply mark the ESP (protocol 50) packets in the PREROUTING chain - means all ipsec packets are shaped. Like: iptables -t mangle -A PREROUTING -i eth0 -p 50 -j MARK --set-mark 30 iptables -t mangle -A PREROUTING -i eth0 -p 50 -j RETURN The issue I''m dealing with is how can I mark packets based on internal destinantion/source IP in PREROUTING chain when it is encrypted ipsec packet. I can see the ipsec packet decrypted in FORWARD chain, but will that work correctly with IMQ, when I mark it here? Thanks, David _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/