Hello,
I've found this page (lartc currently down)
http://www.lartc.org/howto/lartc.cookbook.synflood-protect.html
where someone used an iptables firewall mark to mark specific packets, which
are then shaped through the ingress qdisc with a fw filter and a rate policy
appended.
I've tried something similar, but it doesn't work. Now I believe this
couldn't work because the traffic is marked with iptables after it has
passed the ingress qdisc? Correct?
I've tried this two ways:
********************************
<mark the packets to shape in PREROUTING with 7>
$TC qdisc add dev $DEV handle FFFF: ingress
$TC filter add dev $DEV parent ffff: protocol ip prio 50 handle 7 fw \
police rate ${DOWNSTREAM}kbit burst 10k mtu $MTU drop flowid :1
********************************
This doesn't work. It shapes nothing.
********************************
$TC qdisc add dev $DEV handle FFFF: ingress
$TC filter add dev $DEV parent ffff: protocol ip prio 50 u32 match ip \
src 0.0.0.0/0 police rate ${DOWNSTREAM}kbit burst 10k drop flowid :1
********************************
This works fine, shapes all traffic down to $DOWNSTREAM limit.
--
Markus Schulz
> >Is that verb regular? Does "ich kann den Mond sprengen" sound less
> >awkward than "ich kann den Mond explodieren" ?
> The first sentence is correct, the second one is just nonsense. But
> you will need quite a big amount of explosives to do so.
I'm sure America has plenty. :)
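
Added example, not part of the original post: on a kernel where the ingress qdisc is processed before the PREROUTING mark is set (the ordering the poster suspects), a fw filter has no mark to match, so the selection can be done in the ingress filter itself with u32. The sketch polices inbound TCP SYN packets, the case from the LARTC cookbook page; the function name `ingress_police_syn`, the dry-run default for `TC` and the sample device and rate are assumptions.

```shell
#!/bin/sh
# Added example: classify inside the ingress filter with u32 instead of
# relying on an iptables fwmark.
# TC defaults to "echo tc" (dry run: only prints the commands). Set TC=tc
# and run as root to apply them.
TC=${TC:-echo tc}

# ingress_police_syn DEV RATE_KBIT
# Hypothetical helper: police inbound TCP SYN packets on DEV to RATE_KBIT.
ingress_police_syn() {
    dev=$1
    rate=$2
    # Attach the ingress qdisc (handle ffff:, as in the post).
    $TC qdisc add dev "$dev" handle ffff: ingress || return 1
    # u32 selectors:
    #   ip protocol 6 0xff -> TCP
    #   u8 0x05 0x0f at 0  -> IP header is 20 bytes (no options), so the
    #                         TCP flags byte sits at offset 33
    #   u8 0x02 0xff at 33 -> only the SYN flag is set
    # Packets carrying IP options are not matched by this filter.
    $TC filter add dev "$dev" parent ffff: protocol ip prio 50 u32 \
        match ip protocol 6 0xff \
        match u8 0x05 0x0f at 0 \
        match u8 0x02 0xff at 33 \
        police rate "${rate}kbit" burst 10k drop flowid :1
}

# Example call (constructed values): ingress_police_syn eth0 512
```

After applying with `TC=tc`, `tc -s filter show dev eth0 parent ffff:` shows the policer's counters, which confirms whether packets are actually hitting the filter.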