* [gentoo-user] tc filter add ... fails
@ 2015-11-26 12:52 lee
2015-12-09 8:56 ` Andrew Savchenko
0 siblings, 1 reply; 3+ messages in thread
From: lee @ 2015-11-26 12:52 UTC (permalink / raw
To: gentoo-user
Hi,
it seems I might be missing some kernel modules:
,----
| heimdali ~ # tc filter add dev ppp0 parent ffff: protocol all prio 10 basic police mpu 64 rate 16000kbit burst 10kb action drop
| RTNETLINK answers: Invalid argument
| We have an error talking to the kernel
| heimdali ~ #
`----
This is a filter shorewall would add. I have enabled options as shown
in [1]. How can I find out which modules I'm missing, or what else went
wrong?
[1]: https://wiki.gentoo.org/wiki/Traffic_shaping
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [gentoo-user] tc filter add ... fails
2015-11-26 12:52 [gentoo-user] tc filter add ... fails lee
@ 2015-12-09 8:56 ` Andrew Savchenko
2015-12-09 10:33 ` Peter Humphrey
0 siblings, 1 reply; 3+ messages in thread
From: Andrew Savchenko @ 2015-12-09 8:56 UTC (permalink / raw
To: gentoo-user
[-- Attachment #1: Type: text/plain, Size: 885 bytes --]
Hi,
On Thu, 26 Nov 2015 13:52:20 +0100 lee wrote:
> it seems I might be missing some kernel modules:
>
>
> ,----
> | heimdali ~ # tc filter add dev ppp0 parent ffff: protocol all prio 10 basic police mpu 64 rate 16000kbit burst 10kb action drop
> | RTNETLINK answers: Invalid argument
> | We have an error talking to the kernel
> | heimdali ~ #
> `----
>
>
> This is a filter shorewall would add. I have enabled options as shown
> in [1]. How can I find out which modules I'm missing, or what else went
> wrong?
See your dmesg after such command, it usually contains a hint on
what is wrong. Also it is much better to write iptables / iproute /
tc rules manually then using high level generators like shorewall —
this will give you a good understanding on what is going on and how
to optimize or tighten your setup.
Best regards,
Andrew Savchenko
[-- Attachment #2: Type: application/pgp-signature, Size: 819 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [gentoo-user] tc filter add ... fails
2015-12-09 8:56 ` Andrew Savchenko
@ 2015-12-09 10:33 ` Peter Humphrey
0 siblings, 0 replies; 3+ messages in thread
From: Peter Humphrey @ 2015-12-09 10:33 UTC (permalink / raw
To: gentoo-user
On Wednesday 09 December 2015 11:56:39 Andrew Savchenko wrote:
> ... Also it is much better to write iptables / iproute /
> tc rules manually then using high level generators like shorewall —
> this will give you a good understanding on what is going on and how
> to optimize or tighten your setup.
I don't often disagree with a Gentoo dev, but if I were to attempt this I'd
certainly make a hash of it, and we're often told that a badly set up
firewall is worse than none.
I've been very happy with shorewall for many years and I intend to continue
with it.
--
Rgds
Peter
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2015-12-09 10:34 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-11-26 12:52 [gentoo-user] tc filter add ... fails lee
2015-12-09 8:56 ` Andrew Savchenko
2015-12-09 10:33 ` Peter Humphrey
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox