-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 07/28/2016 11:43 AM, Jacob W. Hiltz wrote:
> Hello,
> 
> I am trying to figure out how exactly I would limit outgoing
> traffic
from my LAN going to port 80 (web traffic). The rules below do not limit
the traffic to 1mb, and although my download limit is 80mbit, when I
change a ‘tclcasses’ rule to a limit higher than 20mbit shorewall fails.
> 
> eth0 is my wan interface.

Outgoing web traffic should only be an issue if you are running a web
server on your lan or your users are doing lots of uploads. If your
users are doing primarily browsing and downloads, then traffic shaping
on the WAN interface isn't going to help. In that case, you need to do
the shaping on the LAN interface.

Remember that tcclasses only apply to packets being sent on an
interface. So tcclasses can't specify limits greater than the
OUT-BANDWIDTH device setting which is 20mb in your case.

> 
> MANGLE: MARK(1):F 0.0.0.0/0 0.0.0.0/0 tcp - 80 MARK(1):F 0.0.0.0/0
> 0.0.0.0/0 tcp 80 -
> 
> TCDEVICES eth0 80mbit 20mbit
> 
> TCCLASSES eth0 2 10kbit full 2 default eth0 1 10kbit 1mbit 1
> 

- -Tom
- -- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJXm394AAoJEJbms/JCOk0QV7IP/iEnA7cbKnnUwPkfc0GxMgoZ
r2AIR/RSyR5qysLsulkRYG5Qxy66wvJCY2iGq6qQIDMce+yFlXU/UA+IAUs5XKoy
6qSTv5YGVmtBUdeA1orvLscuHF/XaOz+QRhpoKYxxMabRcSZmA5EmBC/SctF3l5a
CeYBKe6ZpigCjCeNjsOKWcTQBOSmaDq72cB+CabQBuirvX2x0/zARpaSa0JksxxG
78g4FWbk7SdAPKnUjs5NaEe76iQUkRyjlX99GsuDEblOFJNGEvq13nSrCWZosUIR
K1dTMQ9F0pscXihOgPuOnI5vvZGGjsV02L2APDSa+vFhhhi3gnNSfhUKUB+vCPjL
qi1ykbYVKHd4ZphhXbmzKTl5SwnayEgfWL1KwCqmoovTjzDN3Xnq/ywSMwc+dRs/
VfboVnF4HdRHW5IJ3JzoySkjvQuEATHGhRFFcZT8A7bJ8r7kEobtHwTalOp+RkZW
9fxBx6XtfOYKaQ1jf+9YQn3kT/ftXwMwp9FA81yrF8o6EoFyqizqCZNm+K2SNlXy
bnDtwdIky+XDisGT/0GpuuqapwrpqBEIwgZocPUJd7wUeNAVDXcaocnnOojNptx5
fPAPrv7CkHoVLOOmc7U+/w24mZmTvxH1BlL3WMBU1wH1vYQiHmuP89BF6DR5n68p
793y6DduPbJsR/QjunYA
=LnG2
-----END PGP SIGNATURE-----

------------------------------------------------------------------------------
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to