On Wed, Apr 23, 2003 at 11:14:40AM +0900, openings wrote: > "Ftp uses random ports, so matching the data traffic is not easy. However it can done if you use iptables to mark ftp-data packets and use that mark with the fw filter. For more info see http://home.regit.org/connmark.html. " > General information about the conntrack module can be found here. The trick would be to mark all packets coming from the ftp daemon using iptables with --uid-owner, --pid-owner or --cmd-owner and '-j MARK --mark n', and then use tc filter to get the packets into the right class. -- Frank v Waveren Fingerprint: 21A7 C7F3 fvw@[var.cx|stack.nl|chello.nl] ICQ#10074100 1FF3 47FF 545C CB53 Public key: hkp://wwwkeys.pgp.net/fvw@xxxxxx 7BD9 09C0 3AC1 6DF2
