Re: Tc filter does not filter

To: debian-firewall@lists.debian.org
Subject: Re: Tc filter does not filter
From: Stephan Balmer <sb@lia.ch>
Date: Mon, 7 Jun 2010 09:52:07 +0200
Message-id: <20100607075206.GA4973@lia.ch>
Mail-followup-to: debian-firewall@lists.debian.org
In-reply-to: <AANLkTilVdenkb7QLpfQT-f-bD5k51696eaZTdZG_Nwal@mail.gmail.com>
References: <AANLkTilVdenkb7QLpfQT-f-bD5k51696eaZTdZG_Nwal@mail.gmail.com>

Hi

It would help if you could explain to us what you want to achieve with that
script.

> #!/bin/bash
> # Name of the traffic control command.
> TC=/sbin/tc
> 
> # The network interface we're planning on limiting bandwidth.
> IF=eth5             # Interface

How does traffic flow through this interface? Where does it come from, where
does it go? And what do you want to do about it?
 
> # Download limit (in mega bits)
> LIMIT=500kbps          # DOWNLOAD Limit
> 
> # Filter options for limiting the intended interface.
> U32="$TC filter add dev $IF protocol ip parent 1:0 prio 1 u32"
> 
> 
> # delete any current qdisc -- in and out
> $TC qdisc del dev eth5 root    2> /dev/null > /dev/null
> $TC qdisc del dev eth5 ingress 2> /dev/null > /dev/null
> 
> $TC qdisc add dev $IF root handle 1: htb default 30
> $TC class add dev $IF parent 1: classid 1:1 htb rate $LIMIT
> $U32 match ip dport 22 0xffff flowid 1:1
> $U32 match ip dport 22 0xffff flowid 1:1

You repeated the same rule twice, I don't think that does anything.

I don't know much about tc, so I'm just guessing. Is it your
intention to limit traffic going to SSH servers?

Cheers
Stephan

Reply to:

Follow-Ups:
- Re: Tc filter does not filter
  - From: Bjoern Meier <bjoern.meier@googlemail.com>

References:
- Tc filter does not filter
  - From: Bjoern Meier <bjoern.meier@googlemail.com>

Prev by Date: Tc filter does not filter
Next by Date: Re: Tc filter does not filter
Previous by thread: Tc filter does not filter
Next by thread: Re: Tc filter does not filter
Index(es):
- Date
- Thread