Hi all,

So, I've gotten a gist of a script going for my layer7 filters, but for some reason it's not rejecting the packets. Can someone give me a hand with this? (I know, the script is probably ugly as sin, but I've hacked it together from some misc stuff).

source:
-----------------------------------
tc qdisc add dev $1 root handle 1: htb default 30
tc class add dev $1 parent 1: classid 1:1 htb rate 9mbit burst 15k

#set up three classes attached to the root
tc class add dev $1 parent 1:1 classid 1:10 htb rate 20kbit burst 15k
tc class add dev $1 parent 1:1 classid 1:20 htb rate 2mbit burst 15k
tc class add dev $1 parent 1:1 classid 1:30 htb rate 5mbit burst 15k

#make each of them use stochastic fairness queueing
tc qdisc add dev $1 parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev $1 parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev $1 parent 1:30 handle 30: sfq perturb 10

tc filter add dev $1 protocol ip parent 1:0 prio 1 handle 1 layer7 protocol msnmessenger classid 1:10
tc filter add dev $1 protocol ip parent 1:0 prio 1 layer7 protocol smtp classid 1:20
tc filter add dev $1 protocol ip parent 1:0 prio 1 layer7 protocol ssh classid 1:30

iptables -A FORWARD -s 10.0.0.0/24 --match mark --mark 1 -j REJECT

Would the iptables rule have any effect whatsoever? I don't think so, but it would be nice.

Output of tc -s class show dev eth1
-----------------------------------------------------------------
class htb 1:1 root rate 9Mbit ceil 9Mbit burst 15334b cburst 12974b
 Sent 25012 bytes 287 pkts (dropped 0, overlimits 0)
 rate 2bps
 lended: 0 borrowed: 0 giants: 0
 tokens: 13 ctokens: 11

class htb 1:10 parent 1:1 leaf 10: prio 0 rate 20Kbit ceil 20Kbit burst 15Kb cburst 1623b
 Sent 8625 bytes 116 pkts (dropped 0, overlimits 0)
 rate 1bps
 lended: 116 borrowed: 0 giants: 0
 tokens: 5975 ctokens: 609

class htb 1:20 parent 1:1 leaf 20: prio 0 rate 2Mbit ceil 2Mbit burst 15204b cburst 4194b
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 lended: 0 borrowed: 0 giants: 0
 tokens: 58 ctokens: 16

class htb 1:30 parent 1:1 leaf 30: prio 0 rate 5Mbit ceil 5Mbit burst 15072b cburst 7863b
 Sent 16387 bytes 171 pkts (dropped 0, overlimits 0)
 rate 1bps
 lended: 171 borrowed: 0 giants: 0
 tokens: 23 ctokens: 12
----

So, 1:10 is getting data passed through it, but I can't figure out a way to attach a policing filter that just drops them all into oblivion.

Any help is muy appreciated.

Derek
_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
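
A check on the counters quoted in the message above, as an added example that is not part of the original post: it parses the `tc -s class show` output and reports classes that were meant to block traffic but forwarded packets without dropping any. The function names are hypothetical, and treating 1:10 as the class to be blocked is an assumption taken from the poster's description.

```python
import re

# Output of `tc -s class show dev eth1` as quoted in the post (blank lines removed).
TC_OUTPUT = """\
class htb 1:1 root rate 9Mbit ceil 9Mbit burst 15334b cburst 12974b
 Sent 25012 bytes 287 pkts (dropped 0, overlimits 0)
 rate 2bps
 lended: 0 borrowed: 0 giants: 0
 tokens: 13 ctokens: 11
class htb 1:10 parent 1:1 leaf 10: prio 0 rate 20Kbit ceil 20Kbit burst 15Kb cburst 1623b
 Sent 8625 bytes 116 pkts (dropped 0, overlimits 0)
 rate 1bps
 lended: 116 borrowed: 0 giants: 0
 tokens: 5975 ctokens: 609
class htb 1:20 parent 1:1 leaf 20: prio 0 rate 2Mbit ceil 2Mbit burst 15204b cburst 4194b
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 lended: 0 borrowed: 0 giants: 0
 tokens: 58 ctokens: 16
class htb 1:30 parent 1:1 leaf 30: prio 0 rate 5Mbit ceil 5Mbit burst 15072b cburst 7863b
 Sent 16387 bytes 171 pkts (dropped 0, overlimits 0)
 rate 1bps
 lended: 171 borrowed: 0 giants: 0
 tokens: 23 ctokens: 12
"""

CLASS_RE = re.compile(
    r"class htb (?P<classid>\S+) .*?"
    r"Sent (?P<bytes>\d+) bytes (?P<pkts>\d+) pkts \(dropped (?P<dropped>\d+),",
    re.S,  # the Sent line follows the class header on the next line
)

def parse_classes(text):
    """Return {classid: {'bytes', 'pkts', 'dropped'}} for each HTB class."""
    return {
        m["classid"]: {k: int(m[k]) for k in ("bytes", "pkts", "dropped")}
        for m in CLASS_RE.finditer(text)
    }

def not_enforced(text, blocked_classes):
    """Class IDs meant to block traffic that sent packets and dropped none."""
    stats = parse_classes(text)
    return [c for c in blocked_classes
            if c in stats and stats[c]["pkts"] > 0 and stats[c]["dropped"] == 0]

if __name__ == "__main__":
    # Assumption: 1:10 (msnmessenger) is the class the poster wants dropped.
    print(not_enforced(TC_OUTPUT, ["1:10"]))
```
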