> We are using Ipchains. I guess that makes no difference. At the moment we do the > following: > > For Example (all rules for the same device): > 1. filter ACKs by using u32 > 2. filter a specific IP by using ipchains -m (because we masquarade) with its > own tc fw > 3. filter ToS by using u32 > 4. filter by another IP with ipchains -m with its own tc fw > > With only one tc fw per device (and using 8bit values with ipchains -m to > specifie the targetclass) i guess the order like shown above could not be > maintained. It would look like > > 2. 4. 1. 3. or 1. 2. 4. 3. depending on the positon of the tc fw filter. The > same order like in the example can not be achieved. Am I right with that > assumption? unfortunately, you are right > Is it possible to have more than one of these "global" tc fw filters for one > device? probapbly yes but the first one will match all. But you can filter acks with ipchains too (-y). devik
