Altering wizard rules
-
Long ago I remember being able to use the wizard and then go back and do some editing to add things that the wizard doesn't incorporate (namely, ssh).
For the life of me I can't find this in 2.1. What am I missing? I'm looking under Firewall->Traffic Shaper.
-
If you have not found it by now, it is under Firewall -> Traffic Shaper -> Wizards.
-
> If you have not found it by now, it is under Firewall -> Traffic Shaper -> Wizards.
That takes me to the wizard itself. I'm looking to edit what the wizard has created (namely to try and add priority for ssh, which the wizard does not offer).
-
The first screen is the resulting queues. If you want to create a new queue, select WAN, then at the bottom select new queue. Then under LAN -> Internet, create a queue of the same name. Once that is complete, go to Firewall -> Rules -> Floating. In there create a rule that passes port 22 either as a source or destination (you might have to create 2 rules if you want it bidirectional). In the advanced section, under Ackqueue/Queue, choose the new queue that you created. You can use an existing one if you choose.
-
> go to Firewall -> Rules -> Floating. In there create a rule that passes port 22 either as a source or destination (you might have to create 2 rules if you want it bidirectional).
Ah. This is what I was looking for. I found the queues, but had no idea where the matching of traffic to queues was happening. I duplicated another high priority queue rule and just set it to port 22.
One thing I don't know how to do is to differentiate interactive vs. bulk ssh traffic. For example, I want my terminal sessions to take priority over an scp or sftp bulk transfer. The ssh client deals with this (see more here: http://kerneltrap.org/node/505) by setting the ToS field differently for interactive and bulk ssh traffic.
It would be kind of nice to have ssh in the wizard. There's a ton of fairly obscure stuff in there already; I was quite surprised to not see ssh in the list of protocols.
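
Added example (not part of the thread and not pfSense code): a Python sketch of the decision a pf rule with two queues, `queue (q, prio_q)`, makes for ssh packets, assumed here to be what the Ackqueue/Queue fields mentioned above select. pf puts packets with the low-delay ToS bit and TCP ACKs without payload in the second queue; the queue names, the sample packets, and the classic OpenSSH markings (IPTOS_LOWDELAY for interactive, IPTOS_THROUGHPUT for bulk) are assumptions.

```python
import struct

IPTOS_LOWDELAY = 0x10    # classic OpenSSH marking for interactive sessions (assumed)
IPTOS_THROUGHPUT = 0x08  # classic OpenSSH marking for scp/sftp bulk data (assumed)
TCP_ACK = 0x10
SSH_PORT = 22


def build_packet(tos, sport, dport, flags, payload=b""):
    """Construct a minimal IPv4+TCP packet (sample data; checksums left at zero)."""
    total = 20 + 20 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, tos, total, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 5]))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, flags, 65535, 0, 0)
    return ip + tcp + payload


def classify(packet, queue="qSSHBulk", prio_queue="qSSHInteractive",
             default="qDefault"):
    """Return the queue name for a packet; queue names are hypothetical."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 6:
        return default                      # not IPv4/TCP
    ihl = (packet[0] & 0x0F) * 4
    if len(packet) < ihl + 20:
        return default                      # truncated TCP header
    tos = packet[1]
    total_len = struct.unpack("!H", packet[2:4])[0]
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    data_offset = (packet[ihl + 12] >> 4) * 4
    flags = packet[ihl + 13]
    payload_len = total_len - ihl - data_offset
    if SSH_PORT not in (sport, dport):
        return default                      # rule only matches port 22
    if tos & IPTOS_LOWDELAY:
        return prio_queue                   # interactive keystrokes and echoes
    if flags & TCP_ACK and payload_len == 0:
        return prio_queue                   # bare ACKs also get priority
    return queue                            # everything else, e.g. scp data


if __name__ == "__main__":
    samples = {
        "terminal keystroke": build_packet(IPTOS_LOWDELAY, 50000, 22, 0x18, b"x"),
        "scp data segment": build_packet(IPTOS_THROUGHPUT, 50001, 22, 0x18, b"A" * 1000),
        "bare ACK from scp": build_packet(IPTOS_THROUGHPUT, 22, 50001, 0x10),
    }
    for name, pkt in samples.items():
        print(f"{name:20s} -> {classify(pkt)}")
```
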