> One of the goals is that heavy users (basically p2p users) shouldn't be > able to ruin it for the others. The average user should never have to > sit and wait for 5 seconds while google loads, or get 4000ms pings to an > upstream router. Well, again someone struggeling p2p and it's side effects. What about not letting P2P users download anymore? There is a netfilter extension called IPP2P ( http://rnvs.informatik.uni-leipzig.de/ipp2p/ ) that can be used to drop certain P2P packets thus making down- and uploads of the supported p2p-networks almost impossible: iptables -t mangle -A PREROUTING -p tcp -m ipp2p --ipp2p --bit --apple -j DROP If this would be an option to you give it a try and come back to me with the results. We ran such a system for about 6 weeks at a university link and found it beeing pretty stable. If you don't want to recompile the kernel and iptables grab the source code do a make and copy the modules to the appropriate place. Look at the documentation section at the webpage and the README included in source tarball. Hope that helps. Regards, Mike -- GMX ProMail (250 MB Mailbox, 50 FreeSMS, Virenschutz, 2,99 EUR/Monat...) jetzt 3 Monate GRATIS + 3x DER SPIEGEL +++ http://www.gmx.net/derspiegel +++ _______________________________________________ LARTC mailing list / LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
