From mboxrd@z Thu Jan 1 00:00:00 1970 From: Stef Coene Date: Sat, 08 Mar 2003 19:29:00 +0000 Subject: Re: [LARTC] Kind of curious: Message-Id: List-Id: References: In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: lartc@vger.kernel.org On Saturday 08 March 2003 05:07, Martin A. Brown wrote: > : > What exactly do you mean here? Do you wish to use fwmark as a > : > selector for traffic control? > : > : Not sure if I mean fwmark. However Stef's docs are on my reading > : list. Basically I will want to simulate different types of firewalls > : per iprange. Meaning -- the basic firewall config I will allow > : anything out and only responses into the "network" and on a more evil > : admin type firewall I would like to block various ports from outbound > : access. > > I think you'll find iptables more than adequate. > > For the packet filtering, mangling/marking and NAT (if you need it), > you'll find iptables more than adequate. > > For traffic control, you'll use tc, which is part of the iproute2 package. > (Note, that the tc with htb support is currently only available via the > main HTB page, as a patch or binary.) > > : Which would be better ipchains or iptables? > > iptables if you have a choice. > > For iptables help: > > http://iptables-tutorial.frozentux.net/ An other reason is that you need kernel 2.4.x for the htb support so you need iptables. Ipchains is for kernel 2.2.x. Stef -- stef.coene@docum.org "Using Linux as bandwidth manager" http://www.docum.org/ #lartc @ irc.oftc.net _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/