From mboxrd@z Thu Jan  1 00:00:00 1970
From: Mike Wright <xktnniuymlla@mailinator.com>
Date: Fri, 20 Jul 2007 20:45:14 +0000
Subject: [LARTC] newbie needs policing help
Message-Id: <46A11EDA.90507@mailinator.com>
List-Id: <lartc.vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

Hi listizens,

Complete tc newbie here.  I'm in a pinch because of a mail assault on a 
server.  I've firewalled away many of the most egregious offenders but 
non-smtp services are still being DOS'ed because of all the mail traffic.

Here is what I've tried.  (I did say newbie ;)

-----------------
#!/bin/sh
#
# policing parent
tc qdisc add dev eth0 handle ffff: ingress
#
# filter should slow tcp smtpd traffic to 64k max
tc filter add dev eth0 parent ffff: protocol ip prio 50 \
     u32 match ip dport 0x25 0xFFFF match ip protocol 0x06 0xff \
     police rate 55kbit burst 9k drop flowid :1
-----------------

...but I haven't the slightest idea how to check up on it.  e.g. with 
iproute2 I could say "ip route list" to see what was in there, but how 
can I check tc rules?  "tc qdisk show" gives some cryptic output but "tc 
filter show dev eth0" returns nothing.

(I'm not even sure if the above rules make any sense :(  )

Any helpers out there?

TIA,
Mike Wright :m)
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc