> Ok I thought you were trying to match src addresses, and that would be a
> problem because of masquerading ;)
>
> yep.
>
> Along my travels I ran into this: http://l7-filter.sourceforge.net/
>
> Have you played with L7 and can you rate it good/bad ?
>
> I've installed it and used it for 2 months, though I can't say I've
> thoroughly tested the patterns. So far, it works out pretty good. The
> website has a page that lists supported protocols, and rates the quality
> of each pattern. I would not recommend it for production use, though.
> There can be side effects : if you visit a web page that describes the
> SMTP protocol, the packet will contain data that looks like SMTP, and who
> knows which pattern the packet is going to match...
>

Interesting, because in the L7 FAQ it says they take advantage of netfilter's connection tracking capabilities to classify connections based on their first few packets and then classify packets based on what connection they are in. To my thinking this precludes what you say above, but I don't know much about netfilter's connection tracking. Have you seen the behaviour you describe ?

> Iptables may give you more options to separate traffic to different classes
> by MARKing them.
> Then tc allocates bandwidth for each class.
> You'll have much more flexibility this way.
>

On this, can anyone help with:

http://lartc.org/howto/lartc.adv-filter.html

12.1.3. Specific selectors

The following table contains a list of all specific selectors the author of this section has found in the tc program source code. They simply make your life easier and increase readability of your filter's configuration.

FIXME: table placeholder - the table is in separate file ,,selector.html''
FIXME: it's also still in Polish :-(
FIXME: must be sgml'ized

I'm quite happy to read Polish to get at the list they are offering.