hm, the only way i see how to really get a hold on downloads is egress filtering on the isp side. ingress filtering here is just waste of time? partly because, what stef also said, the data is already reveived, so i can get the same effect with egress filtering on the internal interface of the fw, and partly because ingress filtering in linux is not well functioning? thanks, tomas On Thu, Feb 06, 2003 at 11:01:08AM -0600, Martin A. Brown wrote: > : > I'd suggest that Tomas throttles his bandwidth on transmit to the internal > : > network. It is a router, so very little traffic will be initiated from > : > the router itself. > : > Why not perform traffic control on packets transmitted to the Internet on > : > the outward facing NIC. > : > Then perform traffic control on packets received from the Internet on the > : > inward facing NIC. > : > What's wrong with this? > : Euh nothing :) > : But you have the same problem. You are controlling already received data. So > : you can only hope that the other end of the link stops sending data if you > : drop packets. > > Well, slap me with a wet fish! That's pretty obvious. > > (Martin, neophyte with traffic control, returns to routing.) > > Thanks, Stef, > > -Martin > > -- > Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com > >
