problem about QoS and firewall (not work)

Forums Network Management ZeroShell problem about QoS and firewall (not work)

  • This topic is empty.
Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
  • #40889

    I’m testing ZeroShell release 1.0beta8 in my testing network with function of QoS and bridge.

    I’m found problem about QoS and firewall, I can’t limit maximum bandwidth of P2P connection and can’t block it.

    1. QoS

    In the test pc that run bittorrent, data transfer are not limit. I checking with “View” and saw it traffic match with DEFAULT class.

    I test configured max bandwidth of DEFAULT class limit to 200Kbps, and next my bittorrent decrease download to 22kBps (176kbps)

    !P2P class not work!

    2. Firewall

    Because I can’t limit in with QoS, I try to testing block bittorrent with firewall.

    I make new firewall to DROP and/or REJECT the bittorrent with L7protocol in all chain (FORWARD, INPUT, OUTPUT)

    But my bittorrent has life, it can download file not match with DROP rule

    !Firewall not work!


    Hi launcelot!

    It’s not possible to create 100% reliable P2P filter. For instance, torrent protocol is able to use end-to-end ecnryption and then even deep packet inspection doesn’t do the trick. I guess other protocols do the same as well or are tending to.

    By the way, L7 filter is not intended to use by firewalls but for QoS shapers. IPP2P filter works only for unencrypted traffic.

    What you can do is to create LOW_PRIORITY traffic class where you put packets you don’t know. All other traffic like VoIP, HTTP, SMTP, IMAP, POP3, DNS can be distinguished by L7-filter or by protocol type (ICMP).


Viewing 2 posts - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.