[linux-elitists] oBSD-elitist: 56K virtual shared pipe for all 'Doze MTAs

Karsten M. Self kmself@ix.netcom.com
Fri Feb 13 16:00:20 PST 2004

From Randal Schwartz at UsePerl:


    Thursday January 29, 2004

    05:12 PM
    openbsd's fingerprinting and shaping used for evil^Wgood [#17094]

    I can't believe I didn't see this earlier. Oh, how sweet.

    in /etc/pf.conf:

         altq on $ext_if cbq queue { q_default q_web q_mail }
         queue q_default cbq(default)
         ... queue q_web (not shown) ...
         ## all mail limited to 1Mb/sec
         queue q_mail bandwidth 1Mb { q_mail_windows }
         ## windows mail limited to 56Kb/sec
         queue q_mail_windows bandwidth 56Kb
         pass in quick proto tcp from any os "Windows" to $ext_if port 25 keep state queue q_mail_windows
         pass in quick proto tcp from any to $ext_if port 25 label "smtp" keep state queue q_mail

    Mail coming from windows boxes (all flavors) compete for my virtual
    56K line. All other mail can come in the fat pipe. Already a huge
    difference in my load. Bwa ha ha.

Of course, 56K is generous.  Maybe they only deserve 300 baud....

ObLinux:  Does linux have similar OS fingerprinting capabilities (I'm
cramming on iptables ATM[1]) and / or the ability to throttle a designated
class of traffic?

Say....  Any IP in China/Korea, or appearing on



1.  OK, what is *your* favorite good description of the whole iptables
    mess?  I've got Sonnenreich and Yates, _Building Linux and OpenBSD
    Firewalls_, Wiley, and Ziegler _Linux Firewalls_, New Riders.  Both
    cover ipchains / ipfwadmin.  I'm going through Rusty Russell's
    unreliable guides (trying to find PS for printing).  And manpages
    for iptables.  It's not sinking in.  fwbuilder was also rather more
    puzzling than I'd hoped.

Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
   ARM Computer:  Customer Service Hell On Earth
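
How the `os "Windows"` match in the quoted ruleset picks a queue, as an added example that is not part of the original post or of pf itself: a simplified Python model that compares a TCP SYN's header fields with signatures in the pf.os(5) field layout. The signatures, the SYN values, the `max_hops` bound and all function names are constructed for illustration.

```python
# Signatures use the pf.os(5) field layout:
#   window:TTL:DF:size:options:class:version:subtype:description
# Constructed for illustration, not copied from a real pf.os database.
SIGNATURES = [
    "65535:128:1:48:M*,N,N,S:Windows:XP::constructed Windows-like SYN",
    "S4:64:1:60:M*,S,T,N,W0:Linux:2.4::constructed Linux-like SYN",
]
# Constructed SYN observations (fields a packet filter reads from the headers).
WIN_SYN = {"win": 65535, "ttl": 116, "df": 1, "size": 48, "mss": 1460, "opts": ["M1460", "N", "N", "S"]}
LINUX_SYN = {"win": 5840, "ttl": 53, "df": 1, "size": 60, "mss": 1460, "opts": ["M1460", "S", "T", "N", "W0"]}
OTHER_SYN = {"win": 16384, "ttl": 60, "df": 0, "size": 44, "mss": 1460, "opts": ["M1460"]}

def parse(sig):
    win, ttl, df, size, opts, cls = sig.split(":")[:6]
    return {"win": win, "ttl": int(ttl), "df": int(df), "size": int(size),
            "opts": opts.split(","), "cls": cls}

def opts_match(sig_opts, syn_opts):
    # Option order is part of the fingerprint; "M*" accepts any MSS value.
    if len(sig_opts) != len(syn_opts):
        return False
    return all(s == o or (s == "M*" and o.startswith("M"))
               for s, o in zip(sig_opts, syn_opts))

def win_match(sig_win, syn):
    if sig_win == "*":
        return True
    if sig_win.startswith("S"):  # "S4" means window == 4 * MSS
        return syn["win"] == int(sig_win[1:]) * syn["mss"]
    return syn["win"] == int(sig_win)

def classify(syn, max_hops=32):
    """Return the OS class of the first matching signature, or None."""
    for sig in map(parse, SIGNATURES):
        # Observed TTL = initial TTL minus hops travelled (hop bound is an assumption).
        if not 0 <= sig["ttl"] - syn["ttl"] <= max_hops:
            continue
        if (sig["df"], sig["size"]) != (syn["df"], syn["size"]):
            continue
        if win_match(sig["win"], syn) and opts_match(sig["opts"], syn["opts"]):
            return sig["cls"]
    return None

def queue_for(syn):
    """Mirror the two pass rules: Windows senders first, then everyone else."""
    return "q_mail_windows" if classify(syn) == "Windows" else "q_mail"

if __name__ == "__main__":
    for name, syn in [("win", WIN_SYN), ("linux", LINUX_SYN), ("other", OTHER_SYN)]:
        print(name, classify(syn), queue_for(syn))
```

Only the initial SYN is examined, so the class is a best-effort guess, and a stack that matches no signature falls through to the general `q_mail` rule.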