Hi,

#create egress htb shaper:
tc qdisc add dev $IF root handle 1: htb

#setup some iface limits
tc class add dev $IF parent 1: classid 1:1 htb rate ${MAXOUT}kbit ceil ${MAXOUT}kbit burst 50kb

#add subclass for your application attached to the root class 1:1 - 1:10, set proper ceil value!
tc class add dev $IF parent 1:1 classid 1:10 htb rate 128kbit ceil ${MAXOUT}kbit prio 1 burst 5kb

#then just add filters, in that case port 53 - DNS
tc filter add dev $IF parent 1:0 protocol ip prio 10 u32 match ip dport 53 0xffff flowid 1:10

you are good to go!

tc -s qdisc show dev $IF

will tell you what is going on.

HTH,
-N

On 09/08/2011 05:00 PM, Marco Coda wrote:
> 2011/9/8 Gáspár Lajos <swifty@xxxxxxxxxxx>:
>
>> - If you send an e-mail then you connect from your system (from a random
>> port) to a mail server (to 25)...
>> Would you try with my proposed settings???
>
> I just tried it, with rate 1Mbit, bandwidth 2 Mbit and iptables with
> --dport 25 and, even if the iptables rule is matched (I can see the
> packet count measuring the right size of the mail), tc seems to ignore
> those packets. I know that my postfix opens a connection to another mta
> from a pseudo-random port to 25, but with --dport option tc does not
> consider these packets. Instead, with --sport option, I don't know
> why, something is filtered...
>
>> - If you set your upload limit to 10kbit then you can send 1,25KByte per
>> sec. (It is veeerrryy slooow.)
>
> At the moment I set this speed so I can test the server with small
> attachments... When the script is definitively complete, I'll set
> the real values..
>
>
> 2011/9/8 Nikolay Kichukov <hijacker@xxxxxxxxx>:
>
>> tc does not require iptables to shape traffic at all. So why bother?
>
> I want to limit only one port, not the entire interface. I don't want
> other ports (such as pop3 or imap) limited.
> So I used iptables for marking and then tc filter handle fw for filtering..
> How should I do it?
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
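
The layout from the message above, written out for a single destination port with both classifiers discussed in the thread (u32 in tc alone, or an iptables mark matched by a fw filter). This is an added example, not part of the original message; the function names, the mark value 10, and the sample interface and rates are assumptions.

```shell
#!/bin/sh
# Added example: print (never execute) the tc/iptables commands that shape
# egress traffic to ONE destination port and leave every other port alone.
# Review the output, then pipe it to `sh` as root to apply it.

is_uint() { case "$1" in ''|*[!0-9]*) return 1 ;; *) return 0 ;; esac; }

# shape_cmds IFACE MAXOUT_KBIT PORT RATE_KBIT MODE   (MODE: u32 | fw)
shape_cmds() {
    ifc=$1 maxout=$2 port=$3 rate=$4 mode=${5:-u32}
    # The output is meant for a root shell, so validate everything first:
    # a plain interface name, plain integers, a known mode.
    case "$ifc" in ''|*[!A-Za-z0-9_.-]*) echo "bad interface" >&2; return 1 ;; esac
    case "$mode" in u32|fw) ;; *) echo "mode must be u32 or fw" >&2; return 1 ;; esac
    for n in "$maxout" "$port" "$rate"; do
        is_uint "$n" || { echo "not a number: $n" >&2; return 1; }
    done
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port" >&2; return 1; }
    [ "$rate" -le "$maxout" ] || { echo "rate exceeds link ceiling" >&2; return 1; }

    # Same layout as the message: root htb 1:, interface class 1:1, leaf 1:10.
    # The leaf ceil equals its rate, so the port cannot borrow spare bandwidth.
    echo "tc qdisc add dev $ifc root handle 1: htb"
    echo "tc class add dev $ifc parent 1: classid 1:1 htb rate ${maxout}kbit ceil ${maxout}kbit"
    echo "tc class add dev $ifc parent 1:1 classid 1:10 htb rate ${rate}kbit ceil ${rate}kbit prio 1"
    if [ "$mode" = u32 ]; then
        # Classify in tc alone; also pin the IP protocol to TCP (6).
        echo "tc filter add dev $ifc parent 1:0 protocol ip prio 10 u32 match ip protocol 6 0xff match ip dport $port 0xffff flowid 1:10"
    else
        # Classify on a firewall mark set in the mangle table (assumed mark: 10).
        echo "iptables -t mangle -A POSTROUTING -o $ifc -p tcp --dport $port -j MARK --set-mark 10"
        echo "tc filter add dev $ifc parent 1:0 protocol ip prio 10 handle 10 fw flowid 1:10"
    fi
    # Per-class counters show whether packets actually reach class 1:10.
    echo "tc -s class show dev $ifc"
}

# Constructed sample values: eth0, 2 Mbit link, SMTP (port 25) held to 1 Mbit.
shape_cmds eth0 2000 25 1000 u32
shape_cmds eth0 2000 25 1000 fw
```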