Thinking about it though, the different filters priorities isn't going to help too much? eg if I want to accept ACK's, then incoming SMTP, then other bulk downloads, then of course I can setup prioritised "bands" by limiting some stuff more than others. But I don't think that a simple priority system will let me accept up to full bandwidth of each, but dropping in a preferential order? (Or do you think simply matching each with a 200Kb/s filter in priority order from highest to lowest will do the trick?)
No, i don't think this will work very well in practice at all. it'll be better than nothing though.
Sure. Same problem for local traffic on that machine though.Yes... which leads to using the IMQ device as Andreas said.
However, can you apply filters to aliased IP addresses, ie the virtual interfaces eth0:1? Do the filters only apply to the real interfaces (which I think is true of iptables for example?)
There are no 'aliased' IP addresses. This is just legacy ifconfig notation. All IP addresses are treated the same on an interface - so yes.
This might also be useful for setting up a bandwidth filter PC using only a single net card for example (assuming you don't worry about people bypassing it manually)Yeah, i've wondered if you could do that and get it working.
regards,
-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Damion de Soto - Software Engineer email: damion@xxxxxxxxxxxx SnapGear - A CyberGuard Company --- ph: +61 7 3435 2809 | Custom Embedded Solutions fax: +61 7 3891 3630 | and Security Appliances web: http://www.snapgear.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ --- Free Embedded Linux Distro at http://www.snapgear.org --- _______________________________________________ LARTC mailing list / LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
