-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 07/28/2016 11:43 AM, Jacob W. Hiltz wrote: > Hello, > > I am trying to figure out how exactly I would limit outgoing > traffic from my LAN going to port 80 (web traffic). The rules below do not limit the traffic to 1mb, and although my download limit is 80mbit, when I change a ‘tclcasses’ rule to a limit higher than 20mbit shorewall fails. > > eth0 is my wan interface.
Outgoing web traffic should only be an issue if you are running a web server on your lan or your users are doing lots of uploads. If your users are doing primarily browsing and downloads, then traffic shaping on the WAN interface isn't going to help. In that case, you need to do the shaping on the LAN interface. Remember that tcclasses only apply to packets being sent on an interface. So tcclasses can't specify limits greater than the OUT-BANDWIDTH device setting which is 20mb in your case. > > MANGLE: MARK(1):F 0.0.0.0/0 0.0.0.0/0 tcp - 80 MARK(1):F 0.0.0.0/0 > 0.0.0.0/0 tcp 80 - > > TCDEVICES eth0 80mbit 20mbit > > TCCLASSES eth0 2 10kbit full 2 default eth0 1 10kbit 1mbit 1 > - -Tom - -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJXm394AAoJEJbms/JCOk0QV7IP/iEnA7cbKnnUwPkfc0GxMgoZ r2AIR/RSyR5qysLsulkRYG5Qxy66wvJCY2iGq6qQIDMce+yFlXU/UA+IAUs5XKoy 6qSTv5YGVmtBUdeA1orvLscuHF/XaOz+QRhpoKYxxMabRcSZmA5EmBC/SctF3l5a CeYBKe6ZpigCjCeNjsOKWcTQBOSmaDq72cB+CabQBuirvX2x0/zARpaSa0JksxxG 78g4FWbk7SdAPKnUjs5NaEe76iQUkRyjlX99GsuDEblOFJNGEvq13nSrCWZosUIR K1dTMQ9F0pscXihOgPuOnI5vvZGGjsV02L2APDSa+vFhhhi3gnNSfhUKUB+vCPjL qi1ykbYVKHd4ZphhXbmzKTl5SwnayEgfWL1KwCqmoovTjzDN3Xnq/ywSMwc+dRs/ VfboVnF4HdRHW5IJ3JzoySkjvQuEATHGhRFFcZT8A7bJ8r7kEobtHwTalOp+RkZW 9fxBx6XtfOYKaQ1jf+9YQn3kT/ftXwMwp9FA81yrF8o6EoFyqizqCZNm+K2SNlXy bnDtwdIky+XDisGT/0GpuuqapwrpqBEIwgZocPUJd7wUeNAVDXcaocnnOojNptx5 fPAPrv7CkHoVLOOmc7U+/w24mZmTvxH1BlL3WMBU1wH1vYQiHmuP89BF6DR5n68p 793y6DduPbJsR/QjunYA =LnG2 -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users