[linux-elitists] oBSD-elitist: 56K virtual shared pipe for all 'Doze MTAs

Karsten M. Self kmself@ix.netcom.com
Fri Feb 13 16:00:20 PST 2004


From Randal Schwartz at UsePerl:

    http://use.perl.org/~merlyn/journal/17094

    Thursday January 29, 2004

    05:12 PM
    openbsd's fingerprinting and shaping used for evil^Wgood [#17094]

    I can't believe I didn't see this earlier. Oh, how sweet.

    in /etc/pf.conf:

         altq on $ext_if cbq queue { q_default q_web q_mail }
         queue q_default cbq(default)
         ... queue q_web (not shown) ...
         ## all mail limited to 1Mb/sec
         queue q_mail bandwidth 1Mb { q_mail_windows }
         ## windows mail limited to 56Kb/sec
         queue q_mail_windows bandwidth 56Kb
         ...
         pass in quick proto tcp from any os "Windows" to $ext_if port 25 keep state queue q_mail_windows
         pass in quick proto tcp from any to $ext_if port 25 label "smtp" keep state queue q_mail

    Mail coming from windows boxes (all flavors) compete for my virtual
    56K line. All other mail can come in the fat pipe. Already a huge
    difference in my load. Bwa ha ha.

Of course, 56K is generous.  Maybe they only deserve 300 baud....


ObLinux:  Does linux have similar OS fingerprinting capabilities (I'm
cramming on iptables ATM[1]) and / or the ability to throttle a designated
class of traffic?

Say....  Any IP in China/Korea, or appearing on
$FAVORITE_SPAM_BLOCKLIST?


Peace.

--------------------
Notes:

1.  OK, what is *your* favorite good description of the whole iptables
    mess?  I've got Sonnenreich and Yates, _Building Linux and OpenBSD
    Firewalls_, Wiley, and Ziegler _Linux Firewalls_, New Riders.  Both
    cover ipchains / ipfwadmin.  I'm going through Rusty Russell's
    unreliable guides (trying to find PS for printing).  And manpages
    for iptables.  It's not sinking in.  fwbuilder was also rather more
    puzzling than I'd hoped.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
   ARM Computer:  Customer Service Hell On Earth
     http://lists.svlug.org/pipermail/svlug/2001-November/038616.html
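
An added example, not part of the original post and not OpenBSD's code: a toy Python model of how a rule such as `os "Windows"` classifies a connection from fields of its SYN packet, and how the two quoted `pass in quick` rules then pick a queue. The signature tuples, sample packets and function names are constructed for illustration and are not taken from /etc/pf.os.

```python
# Added example: toy model of SYN-based OS classification feeding queue choice.
# Signatures and packets are CONSTRUCTED for illustration, not from /etc/pf.os.
from dataclasses import dataclass

@dataclass(frozen=True)
class Syn:
    window: int      # TCP window advertised in the SYN
    ttl: int         # IP TTL as seen by the receiver (already decremented)
    df: bool         # IP "don't fragment" bit
    options: tuple   # TCP option kinds, in order
    dport: int

WIN_OPTS = ("mss", "nop", "nop", "sackok")
# (os class, window, initial TTL, DF, option layout): constructed sample values
SIGNATURES = [
    ("Windows", 65535, 128, True, WIN_OPTS),
    ("Windows", 16384, 128, True, WIN_OPTS),
    ("Linux", 5840, 64, True, ("mss", "sackok", "ts", "nop", "ws")),
]

def initial_ttl(observed):
    """Round the observed TTL up to the nearest common initial value."""
    return next((t for t in (32, 64, 128, 255) if observed <= t), 255)

def classify(syn):
    """Return the OS class of the first matching signature, else 'unknown'."""
    seen = (syn.window, initial_ttl(syn.ttl), syn.df, syn.options)
    for os_class, *sig in SIGNATURES:
        if seen == tuple(sig):
            return os_class
    return "unknown"

def pick_queue(syn):
    """Mirror the two quoted 'pass in quick' rules: first match wins."""
    if syn.dport != 25:
        return None                 # handled by rules the post does not show
    if classify(syn) == "Windows":
        return "q_mail_windows"     # competes for the 56Kb child queue
    return "q_mail"                 # everything else shares the 1Mb queue

SAMPLES = [
    Syn(65535, 114, True, WIN_OPTS, 25),                               # Windows-like, 14 hops away
    Syn(5840, 52, True, ("mss", "sackok", "ts", "nop", "ws"), 25),     # Linux-like
    Syn(65535, 114, True, ("mss", "nop", "ws", "sackok"), 25),         # altered options: no match
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(classify(s), "->", pick_queue(s))
```

The third sample shows the limit of the approach: a SYN that matches no Windows signature falls through to `q_mail`, so the throttle sheds load rather than acting as an access control.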