You could try to match on helper within iptables. Should be something like
iptables -A FORWARD --match conntrack --ctproto tcp --ctstate
RELATED,ESTABLISHED --match helper --helper ftp -j CLASSIFY ....
Perhaps this will match your data channel.
Cheers,
Andreas
DervishD wrote:
Hi Ethy :)
* Ethy H. Brito <ethy.brito@xxxxxxxxxxxx> dixit:
How to make shure that only FTP RELATED packets will be CLASSIFY'ed??
I can only suggest that you limit the source ports available to
passive FTP. In my FTP server this can be configured, but probably in
other servers you can do it too. Once you do this, it's quite easy to
setup a "tc filter" to mark packages (or iptables if you prefer).
Raúl Núñez de Arenas Coronado
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
