Hello Devik! > > > and set classid directly in iptables like: > > > iptables -t mangle -A to-dsl -p tcp --dport 80 -j MARK --set-mark 0x10010 > > > iptables -t mangle -A to-dsl -p tcp --sport 24 -j MARK --set-mark 0x10020 > > > > Oh an and I forgot to ask: Is there any other improvement exept for having a > > shorter script? > > It is a bit faster and simpler to maintain. We are using Ipchains. I guess that makes no difference. At the moment we do the following: For Example (all rules for the same device): 1. filter ACKs by using u32 2. filter a specific IP by using ipchains -m (because we masquarade) with its own tc fw 3. filter ToS by using u32 4. filter by another IP with ipchains -m with its own tc fw With only one tc fw per device (and using 8bit values with ipchains -m to specifie the targetclass) i guess the order like shown above could not be maintained. It would look like 2. 4. 1. 3. or 1. 2. 4. 3. depending on the positon of the tc fw filter. The same order like in the example can not be achieved. Am I right with that assumption? Is it possible to have more than one of these "global" tc fw filters for one device? Greetings Nils
