For posterity: Data gathered with the following tcpdump command:

  # tcpdump -nnqti eth0 port 22 and host y.y.y.y

ssh session:

  <session setup snipped, no special ToS value; normal>
  x.x.x.x.48101 > y.y.y.y.22: tcp 48 (DF) [tos 0x10]
  y.y.y.y.22 > x.x.x.x.48101: tcp 0 (DF)
  y.y.y.y.22 > x.x.x.x.48101: tcp 48 (DF) [tos 0x10]
  y.y.y.y.22 > x.x.x.x.48101: tcp 80 (DF) [tos 0x10]
  x.x.x.x.48101 > y.y.y.y.22: tcp 0 (DF) [tos 0x10]

scp session:

  <session setup snipped, no special ToS value; normal>
  y.y.y.y.22 > x.x.x.x.48103: tcp 48 (DF)
  x.x.x.x.48103 > y.y.y.y.22: tcp 64 (DF) [tos 0x8]
  y.y.y.y.22 > x.x.x.x.48103: tcp 48 (DF) [tos 0x8]
  x.x.x.x.48103 > y.y.y.y.22: tcp 0 (DF) [tos 0x8]
  y.y.y.y.22 > x.x.x.x.48103: tcp 48 (DF) [tos 0x8]

So, one *should* be able to do something like this:

  # iptables -t filter -A FORWARD -m tos --tos 0x08 -j scpchain
  # iptables -t filter -A FORWARD -m tos --tos 0x10 -j sshchain

  http://iptables-tutorial.frozentux.net/iptables-tutorial.html

I haven't done it.....Good luck,

-Martin

--
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
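
Added example, not part of the original post: a small parser for `tcpdump -nnqt` output in the format shown above. It tallies ToS values per flow and reports how many packets of each flow the two `-m tos` rules would leave unmatched. The sample lines, addresses and the function names `tally` and `classify` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the `tcpdump -nnqt` format quoted in the post;
# addresses are documentation-range placeholders, not taken from the post.
SAMPLE = """\
192.0.2.10.48101 > 198.51.100.5.22: tcp 0 (DF)
192.0.2.10.48101 > 198.51.100.5.22: tcp 48 (DF) [tos 0x10]
198.51.100.5.22 > 192.0.2.10.48101: tcp 0 (DF)
198.51.100.5.22 > 192.0.2.10.48101: tcp 80 (DF) [tos 0x10]
198.51.100.5.22 > 192.0.2.10.48103: tcp 48 (DF)
192.0.2.10.48103 > 198.51.100.5.22: tcp 64 (DF) [tos 0x8]
198.51.100.5.22 > 192.0.2.10.48103: tcp 48 (DF) [tos 0x8]
192.0.2.10.48103 > 198.51.100.5.22: tcp 0 (DF) [tos 0x8]
"""

LINE = re.compile(
    r"^(?P<src>\S+) > (?P<dst>\S+): tcp (?P<len>\d+)"
    r"(?: \(DF\))?(?: \[tos (?P<tos>0x[0-9a-fA-F]+)\])?\s*$"
)

# ToS values from the post, mapped to the chains its iptables rules jump to.
LABELS = {0x10: "interactive (sshchain)", 0x08: "bulk (scpchain)"}

def tally(text):
    """Return {flow: {tos: packets}}; a flow is the sorted endpoint pair."""
    flows = defaultdict(lambda: defaultdict(int))
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip anything that is not a packet summary line
        flow = tuple(sorted((m["src"], m["dst"])))
        tos = int(m["tos"], 16) if m["tos"] else 0  # no [tos ...] means 0
        flows[flow][tos] += 1
    return flows

def classify(counts):
    """Return (label, packets_not_matched_by_that_rule, total_packets)."""
    total = sum(counts.values())
    marked = {t: n for t, n in counts.items() if t in LABELS}
    if not marked:
        return "unmarked", total, total
    tos = max(marked, key=marked.get)  # dominant marked ToS value
    return LABELS[tos], total - marked[tos], total

if __name__ == "__main__":
    for flow, counts in tally(SAMPLE).items():
        label, missed, total = classify(counts)
        print(f"{flow[0]} <-> {flow[1]}: {label}, {missed}/{total} unmatched")
```

Packets that carry no ToS value, as in the snipped session setup and some of the server's replies in the trace, match neither rule and show up in the unmatched count.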