But how do I distinguish RELATED connection from ftp and H323 ? If I only whant to limit bandwidht for ftp and not for H323, how could I tell iptable to mark only the RELATED packets from ftp connections ? Thanks, Alex Cópia Raymond Leach <raymondl@xxxxxxxxxxxxxxxxxxxxxx>: > On Thu, 2003-03-13 at 03:09, Antonio Paulo Salgado Forster wrote: > > Hello all, > > > > I'm trying to apply QoS rules on protocols that use dynamic > port > > allocation on secondary connections such as ftp or H323 that have a > > specific iptables helper to handle them, and the problem begins when > the > > secondary connections startup. Would the connmark module mark also > the > > seconday connections if you tells it to mark the main flow? Or, is > there > > any way to to match a packet using, at the same time, the -m state > --state > > RELATED match and check if the related connection belongs to a ftp > session? > > > > Any ideas are appreciated. Thanks in advance. > > > > Forster > > Depending on your QoS setup, you could use the -m state --state > RELATED > and the fwmark patch to mark the packets. Then your QoS filters could > be > triggered by the fwmark values. > >
