On Mon, 25 Nov 2002, Robert Penz wrote:

> could you please tell me how you match ssh and not scp with iptables?

I did almost the same as Martin suggested:

| So, one *should* be able to do something like this:
|
| # iptables -t filter -A FORWARD -m tos --tos 0x08 -j scpchain
| # iptables -t filter -A FORWARD -m tos --tos 0x10 -j sshchain

# (ssh)
# $IPTABLES -A PREROUTING -t mangle -p tcp --dport 22 \
#           -m tos ! --tos Maximize-Throughput \
#           -j MARK --set-mark 2
# (scp)
# $IPTABLES -A PREROUTING -t mangle -p tcp --dport 22 \
#           -m tos --tos Maximize-Throughput \
#           -j MARK --set-mark 8

it works for me but I'm not sure if it is in general correct.

greetings
Sebastian

--
Sebastian 'spax' Pape           | "Things should be as simple as possible, but
mailto: sebastian@p-a-p-e.de    | not simpler." -- Albert Einstein
gpg: http://p-a-p-e.de/gpg.asc  |
--- Do you want to know more? http://www.p-a-p-e.de/ ---

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
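
Added example (not part of the original message or of any LARTC code): a small Python model of the two PREROUTING mangle rules quoted above, run over constructed packets, to show which mark each packet would receive. It assumes the tos match compares the whole TOS byte exactly; `build_packet` and `classify` are hypothetical names.

```python
import struct

IPTOS_THROUGHPUT = 0x08     # the value iptables calls Maximize-Throughput
MARK_SSH, MARK_SCP = 2, 8   # marks set by the two rules in the message


def build_packet(tos, dport, sport=40000, proto=6, frag_off=0):
    """Constructed sample: 20-byte IPv4 header + 20-byte TCP header, checksums zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 40, 0, frag_off, 64, proto, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 65535, 0, 0)
    return ip + tcp


def classify(packet):
    """Return the mark the two rules would set, or None if neither rule matches."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                      # not IPv4
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl + 4:
        return None                      # truncated or malformed header
    tos, proto = packet[1], packet[9]
    if proto != 6:                       # -p tcp
        return None
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return None                      # non-first fragment: no TCP ports to match
    dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    if dport != 22:                      # --dport 22 (client-to-server direction only)
        return None
    # Assumption: exact comparison of the TOS byte against Maximize-Throughput.
    # "! --tos Maximize-Throughput" therefore catches every other value, 0x00 included.
    return MARK_SCP if tos == IPTOS_THROUGHPUT else MARK_SSH


if __name__ == "__main__":
    samples = [("interactive, TOS 0x10", build_packet(0x10, 22)),
               ("bulk, TOS 0x08", build_packet(0x08, 22)),
               ("TOS cleared to 0x00", build_packet(0x00, 22)),
               ("reply from server", build_packet(0x10, 40000, sport=22)),
               ("bulk TOS, port 80", build_packet(0x08, 80))]
    for label, pkt in samples:
        print(f"{label:24} -> mark {classify(pkt)}")
```

The TOS byte is chosen by the sending host, so these marks are suitable for traffic shaping but not as a basis for access decisions.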