I must be missing something simple here. This works just fine:

    tc qdisc add dev ppp0 handle ffff: ingress
    tc filter add dev ppp0 parent ffff: protocol ip prio 50 u32 match ip sport 80 0xffff police rate 100kbit burst 10k drop flowid :1

It throttles ingress traffic on port 80 and downloads slow down as tcp backs off.

However this doesn't work at all, and it should be the same thing:

    iptables -t mangle -A PREROUTING -p tcp --sport 80 -j MARK --set-mark 99
    tc qdisc add dev ppp0 handle ffff: ingress
    tc filter add dev ppp0 parent ffff: protocol ip prio 50 handle 99 fw police rate 100kbit burst 10k drop flowid :1

So I can define port 80 traffic just fine in the tc filter, but for some reason iptables isn't marking the traffic or the ingress qdisc doesn't see the marked traffic.

Anyone have any ideas?

schu