You can filter by port with the option like "sport 80" but so far I have not found a way to say "not port 80" ingress traffic I know ingress shaping is not as robust but I thought you could put policies around it. Still learning this stuff - I will chat with Gorz today :) On Thu, Feb 25, 2016 at 12:37 AM, Todd Millecam wrote: > you might be able to filter by port, like you do with by ip, but I've > never tried it > > On Thu, Feb 25, 2016 at 12:32 AM, Todd Millecam wrote: > >> Also, tc doesn't support port-specific operations as that's all handled >> in a different space of the kernel. Only iptables can do port-specific >> traffic shaping. You'd have to do something really clever like direct all >> non port 22 traffic from specified ip to a tap interface off of a bridge >> and then use tc on that interface, but if you can't mess with iptables >> without lots of paperwork, I imagine making virtual network adapters public >> is also not a possibility. >> >> On Thu, Feb 25, 2016 at 12:26 AM, Todd Millecam wrote: >> >>> well, for that, then it's a: >>> match ip src/dst 10.208.208.0/21 >>> appended onto your tc. >>> To emulate loss, you'd use netem as well and just append a loss 1% to >>> the end. >>> >>> Lastly, to get a proper range you'd want to change delay 100ms to the >>> average and then the range, so like: >>> delay 175ms 75ms loss 1% >>> >>> It's all in the same tc module, so man tc-netem will be a lot more >>> helpful than me. >>> >>> On Wed, Feb 24, 2016 at 6:17 PM, Bryan O'Neal < >>> Bryan.ONeal@theonealandassociates.com> wrote: >>> >>>> Can't mess with IP tables on the server. Well I could but that would >>>> require a week of paperwork ;) >>>> >>>> Something like match ip src 10.208.208.0/21 match ip should work in tc >>>> but how do I say not port? I know I can say sport but not sure about port >>>> and I have no idea how to say "not port" >>>> >>>> as for latency range delay takes 2 arguments so it would be netem delay >>>> 100ms 150ms would be from 100ms-250ms delay. IIRC >>>> >>>> Also you are using outbound/root, which I know is more full featured. >>>> Trying to get something to work on inbound... I think I may just be too >>>> tired and should probably call it a day and try tomorrow... Unless an >>>> expert show up with a magic pill for me so I don't have to think at 7am :) >>>> >>>> On Wed, Feb 24, 2016 at 6:06 PM, Todd Millecam >>>> wrote: >>>> >>>>> tc qdisc add dev eth0 root netem delay 100ms >>>>> iptables -A INPUT -m statistic --mode random --probability 0.01 -j DROP >>>>> >>>>> >>>>> That should get you started >>>>> >>>>> >>>>> On Wed, Feb 24, 2016 at 5:52 PM, Bryan O'Neal < >>>>> Bryan.ONeal@theonealandassociates.com> wrote: >>>>> >>>>>> I am looking for a tc command that will add 100-250ms of latency >>>>>> to all traffic that is not on port 22 >>>>>> to/from an ip range like 10.208.208.0/21. >>>>>> >>>>>> Bonus: >>>>>> I would also like 0-1% packet loss >>>>>> I would like this on inbound (ingress) not outbound (root) traffic >>>>>> >>>>>> Any one able to help? >>>>>> >>>>>> --------------------------------------------------- >>>>>> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org >>>>>> To subscribe, unsubscribe, or to change your mail settings: >>>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> Todd Millecam >>>>> >>>>> --------------------------------------------------- >>>>> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org >>>>> To subscribe, unsubscribe, or to change your mail settings: >>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss >>>>> >>>> >>>> >>>> --------------------------------------------------- >>>> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org >>>> To subscribe, unsubscribe, or to change your mail settings: >>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss >>>> >>> >>> >>> >>> -- >>> Todd Millecam >>> >> >> >> >> -- >> Todd Millecam >> > > > > -- > Todd Millecam > > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org > To subscribe, unsubscribe, or to change your mail settings: > http://lists.phxlinux.org/mailman/listinfo/plug-discuss >