Altering wizard rules



  • Long ago I remember being able to use the wizard and then go back and do some editing to add things that the wizard doesn't incorporate (namely, ssh).

    For the life of me I can't find this in 2.1.  What am I missing?  I'm looking under Firewall->Traffic Shaper.



  • If you have not found it by now, it is under Firewall -> Traffic Shaper -> Wizards.



  • @podilarius:

    If you have not found it by now, it is under Firewall -> Traffic Shaper -> Wizards.

    That takes me to the wizard itself.  I'm looking to edit what the wizard has created (namely to try and add priority for ssh, which the wizard does not offer).



  • The first screen is the resulting queues. If you want to create a new queue, select WAN, then at the bottom select new queue. Then under LAN -> Internet, create a queue of the same name. Once that is complete, go to Firewall -> Rules -> Floating. In there create a rule that passes port 22 either as a source or destination (you might have to create 2 rules if you want it bidirectional). In the advanced section, under Ackqueue/Queue, choose the new queue that you created. You can use an existing one if you choose.



  • @podilarius:

    go to Firewall -> Rules -> Floating. In there create a rule that passes port 22 either as a source or destination (you might have to create 2 rules if you want it bidirectional).

    Ah.  This is what I was looking for.  I found the queues, but had no idea where the matching of traffic to queues was happening.  I duplicated another high priority queue rule and just set it to port 22.

    One thing I don't know how to do is to differentiate interactive vs. bulk ssh traffic.  For example, I want my terminal sessions to take priority over an scp or sftp bulk transfer.  The ssh client deals with this (see more here: http://kerneltrap.org/node/505) by setting the ToS field differently for interactive and bulk ssh traffic.

    It would be kind of nice to have ssh in the wizard; there's a ton of fairly obscure stuff in there already, and I was quite surprised to not see ssh in the list of protocols.
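
On the interactive vs. bulk question raised in the last post, an added example that is not part of the original thread and is not pfSense-generated output: a hand-written pf.conf fragment using the two-queue form of pf's `queue` keyword, which sends packets with a ToS of lowdelay (and payload-free TCP ACKs) to the second queue. The interface name, bandwidth and queue names are assumptions, and it relies on the ssh client marking interactive sessions as lowdelay, as the post describes.

```pf
# Added example: hand-written pf.conf (ALTQ syntax), not rules exported from pfSense.
# Assumed names: em0 as the WAN interface, 5Mb uplink, q_* queue names.
ext_if = "em0"

# Priority queueing on the WAN side; a higher priority number is served first.
altq on $ext_if priq bandwidth 5Mb queue { q_ssh_int, q_default, q_ssh_bulk }
queue q_ssh_int  priority 6
queue q_default  priority 3 priq(default)
queue q_ssh_bulk priority 1

# Two-queue form of "queue":
#   first queue  -> ordinary packets of the connection (scp/sftp payload)
#   second queue -> packets whose ToS is lowdelay (interactive terminal
#                   traffic) and TCP ACKs that carry no data
# The choice is made per packet, so a single stateful rule covers a session
# that only sets its ToS after the connection has been established.
pass out quick on $ext_if proto tcp from any to any port 22 \
    keep state queue (q_ssh_bulk, q_ssh_int)
```

Because empty ACKs share the second queue, the download direction of a bulk transfer still gets its acknowledgements out promptly while its payload stays in the low-priority queue.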

