[LARTC] 2 Questions on filtering incoming stuff
Damion de Soto
damion@snapgear.com
Tue, 18 May 2004 17:18:04 +1000
Ed,
> Thinking about it though, the different filter priorities aren't going
> to help too much? e.g. if I want to accept ACKs, then incoming SMTP,
> then other bulk downloads, then of course I can set up prioritised
> "bands" by limiting some stuff more than others. But I don't think that
> a simple priority system will let me accept up to full bandwidth of
> each, but dropping in a preferential order? (Or do you think simply
> matching each with a 200Kb/s filter in priority order from highest to
> lowest will do the trick?)
No, I don't think this will work very well in practice at all.
It'll be better than nothing though.
> Sure. Same problem for local traffic on that machine though.
Yes... which leads to using the IMQ device as Andreas said.
> However, can you apply filters to aliased IP addresses, i.e. the virtual
> interfaces eth0:1? Do the filters only apply to the real interfaces
> (which I think is true of iptables for example?)
There are no 'aliased' IP addresses. This is just legacy ifconfig notation.
All IP addresses are treated the same on an interface - so yes.
> This might also be useful for setting up a bandwidth filter PC using only a single net card
> for example (assuming you don't worry about people bypassing it manually)
Yeah, I've wondered if you could do that and get it working.
regards,
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Damion de Soto - Software Engineer email: damion@snapgear.com
SnapGear - A CyberGuard Company --- ph: +61 7 3435 2809
| Custom Embedded Solutions fax: +61 7 3891 3630
| and Security Appliances web: http://www.snapgear.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--- Free Embedded Linux Distro at http://www.snapgear.org ---