What in fact is the ingress qdisc? Accoring to the howto it limits _incomming_ bandwidth. But a basic principple of qdiscs is that they handle _outgoing_ packets. How does this make sence?
Indeed, it is normally not done, but if you want to shape incoming bandwidth, it is perfectly possible to create a queue for incoming packets, and to do ingress policing by means of this queue.
That's what the ingress policing qdisc does...
One major application of ingress policing is only letting a limited rate of icmp or tcp syn packets coming into your network. That will keep your network less vulnerable for ping floods and dos attacks.
Christian
_______________________________________________ LARTC mailing list / LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/
