On Wed, 2004-03-17 at 19:18, Sergey V. Spiridonov wrote:
> Hi,
>
> I need to limit incoming traffic on the specific port (I experimented
> with ssh). Outgoing traffic can be easily limited with tc, but I have
> problems with incoming traffic. I tried to drop some packets, but after
> this ssh stops working at all.
>
> Is there any standard way to do incoming traffic limitation?

What sort of setup is this? Is the box serving as a router, or a server of some sort? What are you interested in policing? What kernel version are you running?

If the box is serving as a router/firewall, and you want to limit traffic to a box behind it, you could forget about policing, and instead use traffic shaping (policing is incoming traffic, shaping is outgoing) on the packets you are sending to that box. That way, you can use tc and your qdisc of choice to delay or prioritize traffic in a more flexible way. AFAIK, you cannot use any of the fancy qdiscs on incoming packets, only on outgoing.

Using the shaping method, you could use PRIO to prioritize, say, interactive traffic (including ssh) or (depending on your kernel version) could use some iptables rules in conjunction with a hierarchy of HTB schedulers to modify traffic.

You could try using the script provided here (I have to head to work, and don't have time to look at it myself, it just looked promising):

http://www.trekweb.com/~jasonb/articles/linux_tc_minihowto.shtml

He suggests patching the kernel to get support for HTB, but you could just use a 2.4.2x version, where it's included in the kernel sources already.

-davidc

> --
> Best regards, Sergey Spiridonov
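
The shaping approach described in the reply, as an added example that is not part of the original message or of the linked script: an HTB hierarchy on the router interface facing the internal box, with a capped class for traffic forwarded to its ssh port. It classifies with a `u32` filter rather than iptables marks; the interface name, host address, and rates are assumptions, and by default it only prints the `tc` commands.

```shell
#!/bin/sh
# Added example (not from the thread): shape traffic a router forwards to an
# internal host's ssh port with HTB on the router's egress interface.
# Every value below is an assumption; adjust to your network.
LAN_IF="${LAN_IF:-eth1}"            # router interface facing the internal host
HOST_IP="${HOST_IP:-192.0.2.10}"    # internal host (documentation address)
PORT="${PORT:-22}"                  # ssh
LINK_RATE="${LINK_RATE:-100mbit}"   # speed of LAN_IF
SSH_RATE="${SSH_RATE:-256kbit}"     # cap for traffic to HOST_IP:PORT
REST_RATE="${REST_RATE:-90mbit}"    # guaranteed rate for everything else
DRY_RUN="${DRY_RUN:-1}"             # 1 = print commands, 0 = apply (needs root)

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

shape_to_host() {
    # Remove any previous root qdisc; failure just means none was installed.
    run tc qdisc del dev "$LAN_IF" root 2>/dev/null || true
    # Root HTB; unclassified traffic falls into class 1:20.
    run tc qdisc add dev "$LAN_IF" root handle 1: htb default 20
    run tc class add dev "$LAN_IF" parent 1: classid 1:1 htb rate "$LINK_RATE"
    # 1:10 is the capped class (rate == ceil, so it cannot borrow).
    run tc class add dev "$LAN_IF" parent 1:1 classid 1:10 htb rate "$SSH_RATE" ceil "$SSH_RATE"
    # 1:20 carries the rest and may borrow up to the link rate.
    run tc class add dev "$LAN_IF" parent 1:1 classid 1:20 htb rate "$REST_RATE" ceil "$LINK_RATE"
    # Fair queueing between the flows inside the capped class.
    run tc qdisc add dev "$LAN_IF" parent 1:10 handle 10: sfq perturb 10
    # Classify TCP packets to HOST_IP:PORT into 1:10. The u32 "dport" match
    # assumes a 20-byte IP header (no IP options).
    run tc filter add dev "$LAN_IF" parent 1: protocol ip prio 1 u32 \
        match ip dst "$HOST_IP/32" match ip protocol 6 0xff \
        match ip dport "$PORT" 0xffff flowid 1:10
}

shape_to_host
```

Run with `DRY_RUN=0` as root to apply the rules; `tc -s class show dev eth1` then shows per-class byte and drop counters for checking that ssh traffic lands in 1:10.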