From: Casey Scott <casey@phantombsd.org>
To: netfilter@lists.netfilter.org
Subject: iptables throttle via tc cont.
Date: Thu, 20 Apr 2006 11:59:34 -0700 (PDT)
Message-ID: <7838526.31145559574402.JavaMail.root@tomcat.phantombsd.org>

After working some more on my original post, I've come up with this. It doesn't work,
though I think it should. I am trying to throttle incoming connections from the Internet.
Since tc filters work on transmit, the best place to restrict seems to be from eth1 to
eth0 (FORWARD). That way, the restriction imposed on the transmit of eth1 won't apply to
a connection from the internal network going out (like a file upload). The box in
question has eth0 in an internal network and eth1 on the WAN link.

iptables -t mangle -A FORWARD -i eth0 -j MARK --set-mark 1
iptables -t mangle -A FORWARD -i eth1 -j MARK --set-mark 2

tc qdisc del dev eth0 root 2>/dev/null
tc qdisc add dev eth0 root handle 1:0 htb default 1
tc class add dev eth0 parent 1:0 classid 1:1 htb rate 100mbit
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 2kbit
tc filter add dev eth0 parent 1:0 protocol ip prio 0 handle 1 fw classid 1:10
tc filter add dev eth0 parent 1:0 protocol ip prio 0 handle 2 fw classid 1:1

Though I see packets being caught by the iptables rules, they never seem to 
get the tc filters applied to them.

Thanks,
Casey
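
Added example, not part of the original message: forwarded packets that arrive on eth1 leave through eth0 carrying mark 2, so on eth0 it is the "handle 2" fw filter that decides their class. The sketch below points that filter at the throttled class and lists the counter checks; the variable and function names, the dry-run wrapper and the extra default leaf class 1:20 are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original message). Assumed names: LAN, WAN,
# LINK, SLOW, DRY_RUN, run, shape_inbound, show_counters.
LAN=${LAN:-eth0}        # internal interface, as in the message
WAN=${WAN:-eth1}        # Internet-facing interface, as in the message
LINK=${LINK:-100mbit}   # link rate used in the message
SLOW=${SLOW:-2kbit}     # throttled rate used in the message
DRY_RUN=${DRY_RUN:-1}   # 1 = only print the commands (default)

# Print the command; also execute it only when DRY_RUN=0 (needs root).
run() {
    echo "$*"
    if [ "$DRY_RUN" = 0 ]; then "$@"; fi
}

shape_inbound() {
    run tc qdisc del dev "$LAN" root 2>/dev/null || true
    # Forwarded packets that ARRIVE on the WAN side get mark 2.
    run iptables -t mangle -A FORWARD -i "$WAN" -j MARK --set-mark 2
    # They LEAVE through the LAN interface, so the qdisc and the fw filter
    # that matches mark 2 both live on $LAN.
    run tc qdisc add dev "$LAN" root handle 1:0 htb default 20
    run tc class add dev "$LAN" parent 1:0 classid 1:1 htb rate "$LINK"
    run tc class add dev "$LAN" parent 1:1 classid 1:10 htb rate "$SLOW"
    # Assumed extra leaf for unmarked traffic (e.g. sent by the box itself).
    run tc class add dev "$LAN" parent 1:1 classid 1:20 htb rate "$LINK"
    run tc filter add dev "$LAN" parent 1:0 protocol ip prio 1 handle 2 fw classid 1:10
}

# Counters to compare: the mangle rule's packet count should grow together
# with the "Sent" counter of class 1:10 on the LAN interface.
show_counters() {
    run iptables -t mangle -L FORWARD -v -n
    run tc -s class show dev "$LAN"
    run tc -s filter show dev "$LAN"
}

case "${1:-}" in
    plan)  shape_inbound; show_counters ;;
    apply) DRY_RUN=0; shape_inbound; show_counters ;;
esac
```

Running the script with "plan" prints the commands without touching the system; "apply" executes them and needs root.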

