I have entries in my tcrules file like the following:
1:F 10.0.0.0/24 0.0.0.0/0 tcp 4500 # Ragnarok
1:F 0.0.0.0/0 10.0.0.0/24 tcp - 4500
1:F 10.0.0.0/24 0.0.0.0/0 udp 4500
1:F 0.0.0.0/0 10.0.0.0/24 udp - 4500
1:F 10.0.0.0/24 0.0.0.0/0 tcp 6900 # Ragnarok
1:F 0.0.0.0/0 10.0.0.0/24 tcp - 6900
1:F 10.0.0.0/24 0.0.0.0/0 udp 6900
1:F 0.0.0.0/0 10.0.0.0/24 udp - 6900
I have a few questions about this.
Firstly some details about my setup. I have approximately a 2 meg
upstream connection from my ISP, and ration a large chunk of it to
uploads for a dedicated upload server with low priority. I've got a
default chunk in the middle which is medium priority and medium
bandwidth. Web surfing, most video games, and anything else falls into
this category. Then I have a high priority category with low bandwidth
which is reserved for SSH connections, ICMP, TCP SYN/ACK/FIN, and other
low bandwidth, high priority connections. Among them are a few games
which I play all the time. This is for one game in particular, but many
of my games follow a similar pattern.
Also, I'm only shaping outbound traffic.
Here are my questions:
1) Are the pairs of rules for the tcp source/destination pairs
necessary, or will one pair work? (...tcp 4500/...tcp - 4500)
2) Can I use one rule for tcp,udp or do I need separate rules for both?
3) Can I use one rule per game and have multiple ports specified, or
will that yield unpredictable results? (i.e.: tcp 4500,6900)
I'd like to add that I've read all the howtos on the shorewall website,
as well as reading as much of the documentation as I can understand, but
I couldn't find a clear answer to these, and it's difficult for me to
generate enough bandwidth to test the different configurations "on
demand" to see if or how they work.