This is effective but is there any way to tell it to choose only certain kinds of streams for dropping packets? Minimally I would want to tell it to never drop any packets in a certain list of port numbers.
ingress is rather weak. You can only really police with it. For what you want most people setup the IMQ[1] device and you egress filters on it to control what is shaped and how.
You can create different ingress policers that only match specific ports, and give them different priorities, but that still won't work as well as using IMQ,
or if your box is a gateway (and you are only shaping traffic going through it),
then you can use egress queues on the LAN interface.
regards,
-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Damion de Soto - Software Engineer email: damion@xxxxxxxxxxxx SnapGear - A CyberGuard Company --- ph: +61 7 3435 2809 | Custom Embedded Solutions fax: +61 7 3891 3630 | and Security Appliances web: http://www.snapgear.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ --- Free Embedded Linux Distro at http://www.snapgear.org --- _______________________________________________ LARTC mailing list / LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
