Hi Edmund OK, sorry 'bout that. Say for example that I have a webserver and I only want that thing to push 512kbit out. The only way that I see that I would be able to limit this kind of outbound traffic with the tc classifier is if I knew which ip's will be visiting web-pages. If this was the situation I would be able to have a long list of rules that all look something like .. u32 match ip src xxx.xxx.xxx.xx flowid 1:1 or something Unfortunately there is about a few million possible ipv4 addresses that can access the box if they really felt like it. This could problem could possibly be solved by having a rule like this : .. u32 match ip sport 80 match ip src (webserver) flowid whatever But the real problem lies in limiting ftp, since ftp (at least the way i thought it works. could be wrong. probably am) just does the whole auth section on sport 20/21 and the data transfer actually take place on a random 1024+ source port and a random 1024+ destination port. This would be perfectly solved with iptables marking because one should be able to do something like --append PREROUTING -m state --state ESTABLISHED, RELATED --jump MARK --set mark 1 { please excuse the line wrapping } thanks a lot for your time cilliè On Monday 03 November 2003 10:35, you wrote: > Cillie, > I might be missing something here, but I do use this filter setup for > limiting outbound http and ftp traffic. > > > Regards > edmund _______________________________________________ LARTC mailing list / LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/