Chuck Kollars wrote:> I want to let connections start out unrestricted, but
> then demote any that become very large to a low
> priority traffic shaping class. Demoting all "large"
> transfers seems much simpler than trying to identify
> every single kind of P2P, video, audio, etc. How can I
> do this?
Wait for Shorewall 4.1.7.
>
> If I can''t do it through Shorewall, what about raw
> IPtables commands? It looks like I can use the "Nth"
> conditional to roughly identify connections that are
> obviously "large". But how can I then flag the
> connection for different treatment from then on? I
> need to mark not just that packet, but the whole
> connection. How can I do this?
I personally would use the connbytes match (that''s what Shorewall 4.1.7
uses). That match is always against the connection.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/