holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Expunge ":P" from traffic shaping marking examples

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3865 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2006-05-05 21:38:05 +00:00
parent 8b573c4ec5
commit f5bcf10464
2 changed files with 27 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
docs/IPP2P.xml
View File

@ -15,13 +15,15 @@
</author>
</authorgroup>
<pubdate>2005-10-04</pubdate>
<pubdate>2006-05-05</pubdate>
<copyright>
<year>2004</year>
<year>2005</year>
<year>2006</year>
<holder>Thomas M. Eastep</holder>
</copyright>
@ -120,7 +122,7 @@ tcp 6 269712 ESTABLISHED src=192.168.3.8 dst=206.124.146.177 sport=50584 dp
...</programlisting>
<para>Connection marks are persistent -- that is, once a connection mark
is set it retains its value until the connection is terminated. </para>
is set it retains its value until the connection is terminated.</para>
<para>Netfilter provides features to:</para>
@ -208,5 +210,20 @@ SAVE:P - - tcp - -
<para>These rules do exactly the same thing as their counterparts
described above.</para>
<para>One change that I recommend --do your marking in the FORWARD chain
rather than in the PREROUTING chain:</para>
<programlisting>#MARK SOURCE DEST PROTO PORT(S) CLIENT USER TEST
# PORT(S)
RESTORE:F - - tcp
CONTINUE:F - - tcp - - - !0
1:F - - ipp2p ipp2p
SAVE:F - - tcp - - - 1
1:12 - eth0 - - - - 1
2:12 - eth1 - - - - 1 </programlisting>
<para>It will work the same and will work with a <ulink
url="MultiISP.html">Multi-ISP setup</ulink>.</para>
</section>
</article>

16
docs/traffic_shaping.xml
View File

@ -21,7 +21,7 @@
</author>
</authorgroup>
<pubdate>2006-05-01</pubdate>
<pubdate>2006-05-05</pubdate>
<copyright>
<year>2001-2006</year>
@ -529,7 +529,7 @@ ppp0 6000kbit 500kbit</programlisting>
<listitem>
<para>PROTO - Protocol - Must be "tcp", "udp", "icmp", "ipp2p",
"ipp2p:udp", "ipp2p:all" a number, or "all". "ipp2p" requires ipp2p
match support in your kernel and iptables. </para>
match support in your kernel and iptables.</para>
</listitem>
<listitem>
@ -772,8 +772,8 @@ ppp0 3 8*full/10 8*full/10 2</programlisting>
<programlisting>#MARK SOURCE DEST PROTO PORT(S) CLIENT USER
# PORT(S)
1:P 0.0.0.0/0 0.0.0.0/0 icmp echo-request
1:P 0.0.0.0/0 0.0.0.0/0 icmp echo-reply
1:F 0.0.0.0/0 0.0.0.0/0 icmp echo-request
1:F 0.0.0.0/0 0.0.0.0/0 icmp echo-reply
# mark traffic which should have a lower priority with a 3:
# mldonkey
3 0.0.0.0/0 0.0.0.0/0 udp - 4666</programlisting>
@ -856,10 +856,10 @@ ppp0 4 90kbit 200kbit 3 default</pro
<programlisting>#MARK SOURCE DEST PROTO PORT(S) CLIENT USER
# PORT(S)
1:P 0.0.0.0/0 0.0.0.0/0 icmp echo-request
1:P 0.0.0.0/0 0.0.0.0/0 icmp echo-reply
2:P 192.168.2.23 0.0.0.0/0 all
3:P 192.168.2.42 0.0.0.0/0 all</programlisting>
1:F 0.0.0.0/0 0.0.0.0/0 icmp echo-request
1:F 0.0.0.0/0 0.0.0.0/0 icmp echo-reply
2:F 192.168.2.23 0.0.0.0/0 all
3:F 192.168.2.42 0.0.0.0/0 all</programlisting>
<para>We mark icmp ping and replies so they will go into the fast
interactive class and set a mark for each host.</para>