On 9/9/12 1:30 PM, Mr Dash Four wrote: > >>> The question I have is this: what entry would get a priority if I >>> connect from 1.1.1.22, dest port 22 and src port 1111? This will match >>> both entries above and since the priority seems to be the same I don't >>> know what would be matched first. Thanks. >>> >> >> I don't know. >> > OK, that is the problem I am having at present - I was under the > impression that the first match wins, but that seems not to be the case > at all - I get a match on the second class (26), but no the first. > > Another query then - if I set the priority of, say, class 22 to be 2, > and the priority of 26 to be 3 would that help - would I get a match on > 22 first and then 26? How is this priority interpreted in the tc > statements? Is this priority accounted for in ifbX devices?
Some examples in the LARTC HOWTO suggest that only unclassified packets are passed to the next priority. So it sounds like using different priority classes would help in your case. TC filters are independent of the type of interface. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
