> > But your idea of one class / ip is something I'm thinking of to make
now.
> > So I don't need to fill in the MAC or IP when a new client comes to
town.
> So not all classes will be actvive? For performance considerations, only
the
> active classes are important.
Right now there are about 20-30
Thanks for the answer.
How many classes can HTB take?
I use 4-6 interfaces / computer and 2 pools / interface which is has 62
addresses each.
So there would be about 512 classes if I make one for each address.
> I think this came from some mails of about 6 or 8 months ago on the LARTC
> list, no
Hi
I've searched the archive for a solution where I
want to limit/shape WLAN users. I only know's their MAC, because they get their
IP from dhcp.
> Why not, just use negative offsets with U32 to access>the
14-byte eth frame header before the IP header:>>Decimal
Ofs Description>-
Hi,
I use Linux boxes as routers and wonders if it's possible to have them to "copy" the
MAC address, so my firewall can toggle on MAC addresses. Now it only see the routers
MAC address, so everyone behind can go through my firewall.
// Joachim
__
Hello,
Is it possible to make a shaper (with QoS) transparent?
No IPs to the shaper, only a bridge with 2 NICs ?
// Joachim
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Hello,
How powerful computer do I need when I want to trafic shape & firewall a
2Mbit Internet line?
// Joachim
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Hi
> I think you can only limit the number of syn-pakets like you already
> proposed.
I tried to switch the params as you said, but no success. It took maybe a
minute before I did get in to the site, but after that I could logout and in
as fast as I wanted. (hammering)
Mabye the only way is the
Hi,
Is it possible to use iptables as hammeprotection ?
I want to deny a user who has just logged off .. for about 10seconds.
I tried with this, but that didn't work. Maybe my mind is going completely in the
wrong direction today? =)
iptables -I INPUT -i eth0 -p tcp -s 0/0 -d $my_ip --dport 2