Hi there! Some questions I couldn't find an answer for: IPtables: - Is it possible to filter those ACK-packets (to eleminate problems with ADSL-connections) with IPtables? It wasn't possible with IPchains, so u32 had to be used. Now there is this nice little --tcp-flags option. But I just don't know if this is all I need. The u32 was checking for packetsize too. So if there is a eqivalent to the u32 ACK-filterrule, what would it look like? What I have found in the ML is this: ---- # Set ACK as prioritized traffic (ACK's are less than 100 bytes) $IPTABLES -t mangle -A MANGLE_MARK -p tcp -m length --length :100 -j MARK --set-mark 1 $IPTABLES -t mangle -A MANGLE_MARK -p tcp -m length --length :100 -j RETURN ---- Wouldn't that apply on a lot more packets than only the ACK ones? What is the exact specification of an ACK-packet? - With IPchains it was possible to mark and return in one rule. Looking at the example above this doesn't seem possible (two -j operators). Is that right? - Can I have for example one custom chain and have forward and output send its packets to it? - Is there a howto that explains -t mangel, -A PREROUTING/POSTROUTING etc.? The only IPtables HowTo I have found is http://www.telematik.informatik.uni-karlsruhe.de/lehre/seminare/LinuxSe m/downloads/netfilter/iptables-HOWTO.html - From Patricks' IMQ-page: ---- SFQ is very useful as a leaf qdisc. But by default, its internal queue length is 128 which is too much for small classes or even for not-so-fast links. Changing SFQ_DEPTH in net/sched/ sch_sfq.c to about 10-20 results in flows responding much faster to bandwidth changes. ---- Is that ment for SFQ in general or only in conjunction with IMQ? Thank you. Greetings, Nils
