Forum Replies Created

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
  • in reply to: problem about QoS and firewall (not work) #46130

    Hi launcelot!

    It’s not possible to create 100% reliable P2P filter. For instance, torrent protocol is able to use end-to-end ecnryption and then even deep packet inspection doesn’t do the trick. I guess other protocols do the same as well or are tending to.

    By the way, L7 filter is not intended to use by firewalls but for QoS shapers. IPP2P filter works only for unencrypted traffic.

    What you can do is to create LOW_PRIORITY traffic class where you put packets you don’t know. All other traffic like VoIP, HTTP, SMTP, IMAP, POP3, DNS can be distinguished by L7-filter or by protocol type (ICMP).


    in reply to: Firewall – Rate Limit? #45158

    You can also limit ICMP traffic by creating QoS rule for ICMP and combine it with maximum ICMP echo-request size in your Firewall.

    For instance common icmp echo-request size from windows workstation is 32+28=60B. If you create QoS class with maximum speed of 600B/s=4800bit/s, then you will allow only 10 requests/second.

Viewing 2 posts - 1 through 2 (of 2 total)