Example Customized Qos - Forum.Ipfire.Org 1/13/21, 8:36 PM

Example Customized QoS - forum.ipfire.org 1/13/21, 8:36 PM

forum.ipfire.org The old IPFire Forum Archive Search… ! "

* Quick links # FAQ $ Login

% Home ‹ Index ‹ English Area ‹ IPFire in General

Example Customized QoS Post Reply & + , Search this topic… ! " 20 posts 1 2 '

Example Customized QoS / bloater99 . by bloater99 » May 18th, 2015, 7:05 pm Posts: 482 Joined: October 13th, 2014, 3:47 pm Now that I have a well-running QoS system in place for awhile, I am posting my customized QoS in case it can help anyone. I thought of adding it to the wiki, but I don't know if the devs want customized examples or if they prefer examples stick to the default Preset.

Some notes: -We have a 10/2 Mbps cable connection. I dropped maximum rates by 5% (9.5/1.9 Mbps) within the classes to help prevent modem bu!ers from bloating. Thanks to N0man for his posts on bu!er bloat. -I had to delete/recreate many of the classes because you cannot edit a Class to change its priority. -When you delete/create Classes, the QoS graph will often break. Don't worry. Give it a minute and refresh the page and it will start working again. -Because the QoS graph uses consistent colors in sequential order, having the outbound and inbound classes line up by class # makes the colors match up in the graphs. Example: Web class is red on both outbound and inbound graphs; Email class is grey in both outbound and inbound graphs. I had to add a class (Ping) to Inbound in order to make this happen. By default, there is one fewer class in inbound than in outbound. -In my network, Web gets higher priority than VPN (the default presets are opposite). -I monitored maximal transfer rates in the Ping, DNS/RTP, and VPN inbound classes for a week and adjusted my guaranteed rates according to the observed maximal rates, so they were guaranteed at least the highest rate I observed. For example, Class 101 never got higher than 70.6 KB/sec (565 kbps) and typically was much lower (about half that) so I guaranteed 500 kbps and capped the Max to 700 kbps. -There is conﬂicting info about whether mail ports ever use UDP protocol or not, so I just threw UDP equivalents of all rules in to make sure I covered all bases. -Class 111/211 (Misc) consists of layer7 protocols that are discouraged on my network. I am unaware that they are even in use, but I set this class up just to observe if any of these protocols are detected, with intentionally low bandwidth restrictions in case anyone is trying to use them.

ATTACHMENTS ipfire.qos-1.pdf (759.89 KiB) Downloaded 3777 times -

Re: Example Customized QoS / . by furryfennec » May 23rd, 2015, 7:17 pm

Just wanted to say thanks for this! I'm sure it will help folks out trying to understand the basics of QoS in IPFire. Very clear and concise presentation.

furryfennec

Posts: 6 Joined: September 13th, 2011, 12:54 am Location: Foster Brooks' house -

Re: Example Customized QoS / dnl . by dnl » September 18th, 2015, 12:05 pm Posts: 375 Joined: June 28th, 2013, 11:03 am Hey bloater99 thanks for this!

I've been investigating QoS for my network but do not seem to have any defaults, despite defaults being mentioned in the wiki page.

Would you please be able to post a copy of the text files in the /var/ipfire/qos directory? These files mean that others can copy your configuration without having to enter it all manually:

classes subclasses tosconfig portconfig level7config

I like how you've aligned all the protocols. If you're comfortable working in a shell, it is easier to ﬁx the order of things directly in the ﬁles.

Thanks!

IPFire 2.x (Latest Update) on x86_64 Intel Bay Trail CPU, 4GiB RAM, RED + GREEN + BLUE + ORANGE -

Re: Example Customized QoS / bloater99 . by bloater99 » September 18th, 2015, 1:02 pm Posts: 482 Joined: October 13th, 2014, 3:47 pm dnl,

I'll try to get those text ﬁles posted today. If not, then early next week. Of course since I posted this, I've tweaked qos a bit more, so my current settings don't match my original post.

I do know I removed Class 111/211 because I was getting strange results on the qos graph. I'd get massive, impossible jumps in bandwidth (like 500 MB/sec on a 100Mbit network with 10Mbit internet) that seemed to go away when I removed 111/211. And these bandwidth jumps would only show on the qos graph, not on the network graphs at Status->Network.

I also increased the guaranteed bandwidth on some of the lowest set classes to 100kbps because of kernel complaints (HTB: quantum of class 20202 is small. Consider r2q change.) I decided as long as my guaranteed bandwidths for all classes totaled less than my total bandwidth, it wouldn't hurt to bump these up a little bit and stop the kernel complaints.

When I get the text ﬁles, I'll also post an updated PDF. -

Re: Example Customized QoS / bloater99 . by bloater99 » September 18th, 2015, 7:18 pm Posts: 482 Joined: October 13th, 2014, 3:47 pm While going through the text ﬁles, I noticed something strange. In the 'settings' ﬁle there are two values: DEF_INC_SPD=9000 DEF_OUT_SPD=1800

These values do not match anything I have set through the GUI. I am guessing these are the speeds for class 210/110. But my speeds for these classes are 9500 and 1900. Anyone know what's going on?

Rather than attaching text ﬁles, I will paste the text here, as I wanted to go through and edit out some private ports.

classes imq0;200;1;100;100;;;8;Ping; imq0;202;2;100;1000;;;8;DNS/RTP; imq0;203;3;3000;9500;;;8;Web; imq0;204;4;100;7500;;;2;VPN; imq0;205;5;2000;9500;;;2;Email; imq0;210;6;100;9500;;;0;Default; red0;101;1;500;1000;;;8;Ping; red0;102;2;100;1000;;;8;DNS/RTP; red0;103;3;500;1900;;;8;Web; red0;104;4;500;1900;;;2;VPN; red0;105;5;200;1900;;;2;Email; red0;110;6;100;1900;;;0;Default;

subclasses is empty...

tosconﬁg is empty...

portconﬁg 120;red0;udp;;465;;; 120;red0;udp;;587;;; 120;red0;udp;;;;25; 200;imq0;icmp;;;;; 202;imq0;tcp;;53;;; 202;imq0;udp;;53;;; 203;imq0;tcp;;443;;; 203;imq0;tcp;;80;;; 220;imq0;tcp;;110;;; 220;imq0;tcp;;993;;; 220;imq0;tcp;;995;;; 220;imq0;tcp;;;;110; 220;imq0;tcp;;;;993; 220;imq0;tcp;;;;995; 220;imq0;udp;;110;;; 220;imq0;udp;;993;;; 220;imq0;udp;;995;;; 220;imq0;udp;;;;110; 220;imq0;udp;;;;993; 220;imq0;udp;;;;995; 204;imq0;esp;;;;; 204;imq0;tcp;;1194;;; 204;imq0;tcp;;;;1194; 204;imq0;udp;;1194;;; 204;imq0;udp;;;;1194; 204;imq0;udp;;4500;;4500; 204;imq0;udp;;500;;500; 205;imq0;tcp;;110;;; 205;imq0;tcp;;993;;; 205;imq0;tcp;;995;;; 205;imq0;tcp;;;;110; 205;imq0;tcp;;;;993; 205;imq0;tcp;;;;995; 205;imq0;udp;;110;;; 205;imq0;udp;;993;;; 205;imq0;udp;;995;;; 205;imq0;udp;;;;110; 205;imq0;udp;;;;993; 205;imq0;udp;;;;995;

level7conﬁg 102;red0;dns;;; 102;red0;rtp;;; 102;red0;skypetoskype;;; 103;red0;http;;; 103;red0;ssl;;; 104;red0;rdp;;; 104;red0;ssh;;; 104;red0;vnc;;; 105;red0;imap;;; 105;red0;smtp;;; 202;imq0;dns;;; 202;imq0;rtp;;; 202;imq0;skypetoskype;;; 203;imq0;http;;; 203;imq0;ssl;;; 204;imq0;rdp;;; 204;imq0;ssh;;; 204;imq0;vnc;;; 205;imq0;imap;;; 205;imq0;pop3;;;

And lastly, a fresh PDF of the GUI page. ipfire.qos.091815.pdf (486.46 KiB) Downloaded 1136 times

Re: Example Customized QoS / dnl . by dnl » September 19th, 2015, 10:38 am Posts: 375 Joined: June 28th, 2013, 11:03 am Thanks! That's the information I was after! Thank you also for the tip about the kernel error, I'm seeing those also.

I also have DEF_INC_SPD and DEF_OUT_SPD deﬁned, and they are both 90% of the value of my Downlink and Uplink speeds. I guess they're calculated, but I'm not sure what the purpose is for.

As an aside, I wonder if using level 7 ﬁlters is more CPU intensive than just using port ﬁlters? -

Re: Example Customized QoS / bloater99 . by bloater99 » September 19th, 2015, 9:53 pm Posts: 482 Joined: October 13th, 2014, 3:47 pm Glad I could help!

Yes, I noticed those two DEF_ lines were calculated at 90% of bandwidth limit too. I'm not sure what their purpose is either...

I've read that level7 ﬁlters ARE more cpu intensive, but if they are, it's still low on my network. I rarely see the cpu climb over 10% during the busiest times of day.

Cheers!

Wiki update & a home-specific class definition / dnl . by dnl » September 23rd, 2015, 1:43 am Posts: 375 Joined: June 28th, 2013, 11:03 am FYI: I've edited the QoS page in the wiki. It should be still technically accurate, but is now less confusing for a beginner. I removed the unhelpful DSL-speciﬁc table. People need to calculate their own bandwidth and not rely on the bandwidth their ISP reports.

Can you quickly review the page and let me know if you think anything is incorrect?

Also, I've been using your example but changed the order around. Here's a skeleton of the parent classes I'm thinking of switching to for a home connection.

I'll deﬁne the speciﬁc tra"c by preferring port rules over layer 7 rules and I'll only include tra"c we actually use, rather than all tra"c which could exist in a particular class

101 ACK, priority 1, TOS 8, Not sure why IPFire separates ACKs out, but since it does I'll keep this. I'll also have a (201 ACK Placeholder) class so that the colours align in the QoS graphs (good idea by the way). 102 Network Services, priority 1, TOS 8, For ping, routing protocols (if required), DNS, NTP 103 Real-time comms, priority 2, TOS 8, VoIP, instant-messaging, Google Chat, Google Cloud Messaging, Skype, etc) 104 VPN, priority 3, TOS 4, For an inbound VPN, if used at all. 105 Streaming Video, priority 4, TOS 4, For YouTube NetFlix, etc (This might be lower priority for a business connection) 107 Web, priority 5, TOS 4, For general web tra"c 108 Email, priority 6, TOS 2, Low priority, but with a guaranteed bandwidth 110 Default, priority 6, TOS not set. 111 File Transfer, priority 7, TOS 1, For ftp, rsync, NNTP (news), Bittorrent, depending on use.

I'd use identical for downlink rules. -

Re: Example Customized QoS / bloater99 . by bloater99 » September 23rd, 2015, 3:12 pm Posts: 482 Joined: October 13th, 2014, 3:47 pm dnl,

I think the wiki page looks great. Some nice improvements and polish. I don't see anything incorrect but more eyes will help. I did make a few minor changes (grammatical) as I read the page from top to bottom.

When you get your QoS rules in place and working, please post them here (along with port and level7 changes) so that others may beneﬁt.

Thanks!

Re: Wiki update & a home-specific class definition / bloater99 . by bloater99 » September 23rd, 2015, 9:09 pm Posts: 482 Joined: October 13th, 2014, 3:47 pm

/ dnl wrote: [*]105 Streaming Video, priority 4, TOS 4, For YouTube NetFlix, etc (This might be lower priority for a business connection)

How do you plan to classify YouTube and Netﬂix to separate it from Web? I don't know of any speciﬁc ports or protocols these two services use that would allow this to happen. I'd like to do this, so if you know, please share.

I know on Tomato ﬁrmware, you have the ability to assign a MAC address to a QoS Class, which would be great, but I don't see that you can do that in IPFire...

Re: Wiki update & a home-specific class definition / dnl . by dnl » September 23rd, 2015, 11:20 pm Posts: 375 Joined: June 28th, 2013, 11:03 am

/ bloater99 wrote: How do you plan to classify YouTube and Netﬂix to separate it from Web? I don't know of any speciﬁc ports or protocols these two services use that would allow this to happen. I'd like to do this, so if you know, please share.

I know on Tomato ﬁrmware, you have the ability to assign a MAC address to a QoS Class, which would be great, but I don't see that you can do that in IPFire...

Yes, good question! At this stage I've not come up with a solution to either example. I did happily ﬁnd that Spotify web play uses a Flash port (1935 TCP). However aside from trying to put chunks of google's network in a rule, I'm not yet sure how to ﬁlter YouTube.

How does MAC address ﬁltering help? I guess you're talking about a dedicated media PC/chromecast or the like? We use all PCs/Tablets for streaming at some point so that solution wouldn't work for me. -

Re: Example Customized QoS / dnl . by dnl » September 24th, 2015, 12:45 am Posts: 375 Joined: June 28th, 2013, 11:03 am For YouTube, I wonder if there's some way to classify packets based on their source DNS domain (not IP)? Ideally it would do the lookup on each new connection, no more frequently than that. -

Re: Wiki update & a home-specific class definition / bloater99 . by bloater99 » September 24th, 2015, 2:58 pm Posts: 482 Joined: October 13th, 2014, 3:47 pm

/ dnl wrote: How does MAC address ﬁltering help? I guess you're talking about a dedicated media PC/chromecast or the like? We use all PCs/Tablets for streaming at some point so that solution wouldn't work for me.

Yes, that's exactly what I'm referring to. It would be neat if there were such a thing as layer7 protocols for "netﬂix" and "youtube".

Re: Wiki update & a home-specific class definition / dnl . by dnl » September 25th, 2015, 1:28 am Posts: 375 Joined: June 28th, 2013, 11:03 am

/ bloater99 wrote: Yes, that's exactly what I'm referring to. It would be neat if there were such a thing as layer7 protocols for "netﬂix" and "youtube".

Well youtube is using HTML 5 over https. There is a mime type of video/mp4 I wonder if we can ﬁlter on that somehow?

In the short-term, I've identiﬁed the network ranges used by youtube for my country (while the network was quiet, I queued some HD videos and just used IPFire's "Connections" page to identify the source IPs and then their networks) and added them to the streaming class. It's not a long-term solution as content delivery networks can change. -

Re: Example Customized QoS / dnl . by dnl » September 26th, 2015, 1:40 am Posts: 375 Joined: June 28th, 2013, 11:03 am My QoS settings for a home connection are getting close, although I've not properly solved the streaming media problem we've discussed.

I can't seem to get the layer 7 'ftp' ﬁlter to work. All my FTP tra"c is ending up in the default class after the connection is established and data is exchanged over a random high port. I'm not sure why?

I've also noticed an annoying bug where if you edit a class, but then do not save it (by choosing another menu option in the web user interface) the class definition is removed. The good news is that if you add a new class definition with the same number it correctly inherits all the various rules you've already defined for it, saving you from having to do them all again. Because of that bug I've ended up doing most of my editing in files and just restarting QoS each time. -

Post Reply & + , 0 , 20 posts 1 2 '

( Return to “IPFire in General”

% Home ‹ Index ) Delete cookies All times are UTC

https://forum.ipfire.org/viewtopic.php?f=27&t=13571 Page 1 of 2 Example Customized QoS - Page 2 - forum.ipfire.org 1/13/21, 8:38 PM

forum.ipfire.org The old IPFire Forum Archive Search… ! "

* Quick links # FAQ $ Login

% Home ‹ Index ‹ English Area ‹ IPFire in General

Example Customized QoS Post Reply & + , Search this topic… ! " 20 posts ' 1 2

Re: Example Customized QoS / bloater99 . by bloater99 » September 28th, 2015, 4:19 pm Posts: 482 Joined: October 13th, 2014, 3:47 pm dnl,

Our conversation has inspired me to make an organizational change to my rules. Basically, I am combining icmp, dns and ntp together into Class 101/200 and using Class 102/202 for RTP, Skypetoskype, and gaming ports (such as 25565 for minecraft). So ping and dns got get top priority while realtime streaming and gaming get prioritized above web (my Class 3). Maximum bandwidth is capped pretty low since that's not needed for these protocols. They do get priority, which is what they do need, though.

Re: Example Customized QoS / dnl . by dnl » September 29th, 2015, 11:01 am Posts: 375 Joined: June 28th, 2013, 11:03 am Cool!

I've been looking around the internet for good usage examples of QoS, but keep ﬁnding Cisco-speciﬁc things which don't have any actual example usages, just the syntax for Cisco's IOS.

Anyway, if you're curious here's my current conﬁguration in ﬁles. Note that I've not included a VPN class yet and I've sadly got terrible "broadband" here:

/var/ipﬁre/qos/services (Note that I shifted ACK to the end of the 100-range classes, but have not changed its priority. I've also given each class the minimal guaranteed bandwidth I can without errors - this is something I plan to tweak later. It's annoying that I've got such a small upload bandwidth, but that's life. For now just having QoS priorities is adequate.)

CODE: SELECT ALL

imq0;202;1;80;3000;;;8;Services (ping,DNS,NTP); imq0;203;2;80;4970;;;8;IM & VoIP Downlink; imq0;204;3;80;4970;;;4;Streaming Media Down; imq0;205;4;80;4970;;;4;Web Downlink; imq0;210;5;80;4970;;;0;Default Downlink; imq0;211;6;80;4970;;;2;Email Downlink; imq0;212;7;80;4970;;;2;File Transfer Downlink; ppp0;102;1;80;900;;;8;Services (ping,DNS,NTP); ppp0;103;2;80;930;;;8;IM & VoIP Uplink; ppp0;104;3;80;930;;;4;Streaming Media Uplink; ppp0;105;4;80;930;;;4;Web Uplink; ppp0;110;5;80;930;;;0;Default Uplink; ppp0;111;6;80;930;;;2;Email Uplink; ppp0;112;7;80;930;;;1;File Transfer Uplink;

/var/ipfire/qos/portconfig (note the google ranges which seem to host youtube for me. I've not researched netflix yet)

CODE: SELECT ALL

102;ppp0;icmp;;;;; 102;ppp0;tcp;;;;123; 102;ppp0;tcp;;;;53; 102;ppp0;udp;;;;123; 102;ppp0;udp;;;;53; 103;ppp0;tcp;;;;5004; 103;ppp0;tcp;;;;5060; 103;ppp0;tcp;;;;5061; 103;ppp0;tcp;;;;5228; 103;ppp0;tcp;;;;5229; 103;ppp0;tcp;;;;5230; 103;ppp0;udp;;;;5004; 103;ppp0;udp;;;;5060; 103;ppp0;udp;;;;5061;

/var/ipfire/qos/level7config (The FTP filter refuses to work!!)

CODE: SELECT ALL

112;ppp0;ftp;;; 212;ppp0;ftp;;; 203;imq0;skypetoskype;;; 103;ppp0;skypetoskype;;;

/var/ipﬁre/qos/tosconﬁg (I'm experimenting with this - I do get some packets with existing QoS tags, I'll have to do packet capture to determine what they're for)

CODE: SELECT ALL

203;imq0;8; 204;imq0;4; 103;ppp0;8; 104;ppp0;4;

Re: Example Customized QoS / bloater99 . by bloater99 » September 30th, 2015, 3:43 pm Posts: 482 Joined: October 13th, 2014, 3:47 pm

/ dnl wrote: I've been looking around the internet for good usage examples of QoS, but keep ﬁnding Cisco-speciﬁc things which don't have any actual example usages, just the syntax for Cisco's IOS.

Yeah, me too. There is some QoS wisdom in the DD-WRT and Tomato firmware websites/forums that you might find useful with a little googling. I recall reading some posts from someone who uses QoS on an old Linksys WRT54GL with an open source firmware to provide service to a large apartment complex. He claims excellent performance with many dozens of users with his methodology.

Re: Example Customized QoS / apexcomputers . by apexcomputers » December 28th, 2015, 6:34 am Posts: 28 Joined: March 20th, 2015, 1:50 pm bloater99 any chance of getting the code from your QoS conﬁg ﬁles? Location: Busselton, Western Australia - copy/paste via SSH is so much easier than submitting through the GUI

Jarred - Apex Computers (Australia)

Re: Example Customized QoS / bloater99 . by bloater99 » January 8th, 2016, 2:51 pm Posts: 482 Joined: October 13th, 2014, 3:47 pm

/ apexcomputers wrote: bloater99 any chance of getting the code from your QoS conﬁg ﬁles? - copy/paste via SSH is so much easier than submitting through the GUI

I already did, on the ﬁrst page of this thread: viewtopic.php?f=27&t=13571#p90378

Post Reply & + , 0 , 20 posts ' 1 2

( Return to “IPFire in General”

% Home ‹ Index ) Delete cookies All times are UTC

https://forum.ipfire.org/viewtopic.php?f=27&t=13571&start=15 Page 1 of 2 System Status Network Services Firewall IPFire Logs Traﬃc: In 50.71 kBit/s Out 28.55 kBit/s

QoS

Quality of Service: RUNNING

Downlink speed (kbit/sec):10000 Uplink speed (kbit/sec):2000 downlink standard class:210 uplink standard class:110 ACKs:101

red0 Graph, Uplink

Hour - Day - Week - Month - Year

imq0 Graph, Downlink

Hour - Day - Week - Month - Year

Class: 101 Ping

Guaranteed Maximum Interface Class Priority Burst Ceil Burst TOS Action bandwith bandwith red0 101 1 500 700 8 Remark: Ping Queueing: Port-Rule: (icmp)

Class: 102 DNS/RTP

Guaranteed Maximum Interface Class Priority Burst Ceil Burst TOS Action bandwith bandwith red0 102 2 10 1000 8 Remark: DNS/RTP Queueing: Level7-Protocol: dns

Level7-Protocol: rtp

Level7-Protocol: skypetoskype

Port-Rule: (tcp) Destination port: 53

Port-Rule: (udp) Destination port: 53

Class: 103 Web

Guaranteed Maximum Interface Class Priority Burst Ceil Burst TOS Action bandwith bandwith red0 103 3 500 1900 8 Remark: Web Queueing: Level7-Protocol: http

Level7-Protocol: ssl

Port-Rule: (tcp) Destination port: 443

Port-Rule: (tcp) Destination port: 80

Class: 104 VPN

Guaranteed Maximum Interface Class Priority Burst Ceil Burst TOS Action bandwith bandwith red0 104 4 500 1900 2 Remark: VPN Queueing: Level7-Protocol: rdp

Level7-Protocol: ssh

Level7-Protocol: vnc

Port-Rule: (esp)

Port-Rule: (tcp) Source port: 1194

Port-Rule: (tcp) Destination port: 1194

Port-Rule: (udp) Source port: 1194

Port-Rule: (udp) Source port: 4500 Destination port: 4500

Port-Rule: (udp) Source port: 500 Destination port: 500

Port-Rule: (udp) Destination port: 1194

Class: 105 Email

Guaranteed Maximum Interface Class Priority Burst Ceil Burst TOS Action bandwith bandwith red0 105 5 300 1900 2 Remark: Email Queueing: Level7-Protocol: imap

Level7-Protocol: smtp

Port-Rule: (tcp) Source port: 25

Port-Rule: (tcp) Source port: 465

Port-Rule: (tcp) Source port: 587 Port-Rule: (tcp) Destination port: 25

Port-Rule: (tcp) Destination port: 465

Port-Rule: (tcp) Destination port: 587

Port-Rule: (udp) Source port: 25

Port-Rule: (udp) Source port: 465

Port-Rule: (udp) Source port: 587

Port-Rule: (udp) Destination port: 25

Port-Rule: (udp) Destination port: 465

Port-Rule: (udp) Destination port: 587

Class: 110 Default

Guaranteed Maximum Interface Class Priority Burst Ceil Burst TOS Action bandwith bandwith red0 110 6 10 1900 0 Remark: Default Queueing:

Class: 111 Misc

Guaranteed Maximum Interface Class Priority Burst Ceil Burst TOS Action bandwith bandwith red0 111 7 1 1 0 Remark: Misc Queueing: Level7-Protocol: aim

Level7-Protocol: applejuice

Level7-Protocol: bittorrent

Level7-Protocol: irc

Level7-Protocol: jabber

Level7-Protocol: msn-filetransfer

Level7-Protocol: msnmessenger

Level7-Protocol: napster

Level7-Protocol: telnet

Level7-Protocol: tor

Level7-Protocol: yahoo

Class: 200 Ping

Guaranteed Maximum Interface Class Priority Burst Ceil Burst TOS Action bandwith bandwith imq0 200 1 10 100 8 Remark: Ping Queueing: Port-Rule: (icmp)

Class: 202 DNS/RTP

Guaranteed Maximum Interface Class Priority Burst Ceil Burst TOS Action bandwith bandwith imq0 202 2 50 1000 8 Remark: DNS/RTP Queueing: Level7-Protocol: dns

Level7-Protocol: rtp

Level7-Protocol: skypetoskype

Port-Rule: (tcp) Source port: 53

Port-Rule: (udp) Source port: 53 Class: 203 Web

Guaranteed Maximum Interface Class Priority Burst Ceil Burst TOS Action bandwith bandwith imq0 203 3 3000 9500 8 Remark: Web Queueing: Level7-Protocol: http

Level7-Protocol: ssl

Port-Rule: (tcp) Source port: 443

Port-Rule: (tcp) Source port: 80

Class: 204 VPN

Guaranteed Maximum Interface Class Priority Burst Ceil Burst TOS Action bandwith bandwith imq0 204 4 100 5000 2 Remark: VPN Queueing: Level7-Protocol: rdp

Level7-Protocol: ssh

Level7-Protocol: vnc

Port-Rule: (esp)

Port-Rule: (tcp) Source port: 1194

Port-Rule: (tcp) Destination port: 1194

Port-Rule: (udp) Source port: 1194

Port-Rule: (udp) Source port: 4500 Destination port: 4500

Port-Rule: (udp) Source port: 500 Destination port: 500

Port-Rule: (udp) Destination port: 1194

Class: 205 Email

Guaranteed Maximum Interface Class Priority Burst Ceil Burst TOS Action bandwith bandwith imq0 205 5 2000 9500 2 Remark: Email Queueing: Level7-Protocol: imap

Level7-Protocol: pop3

Port-Rule: (tcp) Source port: 110

Port-Rule: (tcp) Source port: 993

Port-Rule: (tcp) Source port: 995

Port-Rule: (tcp) Destination port: 110

Port-Rule: (tcp) Destination port: 993

Port-Rule: (tcp) Destination port: 995

Port-Rule: (udp) Source port: 110

Port-Rule: (udp) Source port: 993

Port-Rule: (udp) Source port: 995

Port-Rule: (udp) Destination port: 110

Port-Rule: (udp) Destination port: 993

Port-Rule: (udp) Destination port: 995

Class: 210 Default

Guaranteed Maximum Interface Class Priority Burst Ceil Burst TOS Action bandwith bandwith imq0 210 6 10 9500 0 Remark: Default Queueing:

Class: 211 Misc

Guaranteed Maximum Interface Class Priority Burst Ceil Burst TOS Action bandwith bandwith imq0 211 7 1 1 0 Remark: Misc Queueing: Level7-Protocol: aim

Level7-Protocol: applejuice

Level7-Protocol: bittorrent

Level7-Protocol: irc

Level7-Protocol: jabber

Level7-Protocol: msn-filetransfer

Level7-Protocol: msnmessenger

Level7-Protocol: napster

Level7-Protocol: telnet

Level7-Protocol: tor

Level7-Protocol: yahoo

IPFire 2.17 (i586) - Core Update 89 IPFire.org • Support the IPFire project with your donation System Status Network Services Firewall IPFire Logs Traﬃc: In 8.97 MBit/s Out 331.91 kBit/s

QoS

Quality of Service: RUNNING

Downlink speed (kbit/sec):10000 Uplink speed (kbit/sec):2000 downlink standard class:210 uplink standard class:110 ACKs:101

red0 Graph, Uplink

Hour - Day - Week - Month - Year

imq0 Graph, Downlink

Hour - Day - Week - Month - Year

Class: 101 Ping

Guaranteed Maximum Interface Class Priority Burst Ceil Burst TOS Action bandwith bandwith red0 101 1 500 1000 8 Remark: Ping Queueing: Port-Rule: (icmp) Class: 102 DNS/RTP

Guaranteed Maximum Interface Class Priority Burst Ceil Burst TOS Action bandwith bandwith red0 102 2 100 1000 8 Remark: DNS/RTP Queueing: Level7-Protocol: dns

Level7-Protocol: rtp

Level7-Protocol: skypetoskype

Port-Rule: (tcp) Destination port: 53

Port-Rule: (udp) Destination port: 53

Class: 103 Web

Guaranteed Maximum Interface Class Priority Burst Ceil Burst TOS Action bandwith bandwith red0 103 3 500 1900 8 Remark: Web Queueing: Level7-Protocol: http

Level7-Protocol: ssl

Port-Rule: (tcp) Destination port: 443

Port-Rule: (tcp) Destination port: 80

Class: 104 VPN

Guaranteed Maximum Interface Class Priority Burst Ceil Burst TOS Action bandwith bandwith red0 104 4 500 1900 2 Remark: VPN Queueing: Level7-Protocol: rdp

Level7-Protocol: ssh

Level7-Protocol: vnc

Port-Rule: (esp)

Port-Rule: (tcp) Source port: xxxx

Port-Rule: (tcp) Destination port: xxxx

Port-Rule: (udp) Source port: xxxx

Port-Rule: (udp) Source port: xxxx Destination port: xxxx

Port-Rule: (udp) Destination port: xxxx

Class: 105 Email

Guaranteed Maximum Interface Class Priority Burst Ceil Burst TOS Action bandwith bandwith red0 105 5 200 1900 2 Remark: Email Queueing: Level7-Protocol: imap

Level7-Protocol: smtp

Port-Rule: (tcp) Source port: 25

Port-Rule: (tcp) Source port: 465

Port-Rule: (tcp) Source port: 587

Port-Rule: (tcp) Destination port: 25

Port-Rule: (tcp) Destination port: 465

Port-Rule: (tcp) Destination port: 587 Port-Rule: (udp) Source port: 25

Port-Rule: (udp) Source port: 465

Port-Rule: (udp) Source port: 587

Port-Rule: (udp) Destination port: 25

Port-Rule: (udp) Destination port: 465

Port-Rule: (udp) Destination port: 587

Class: 110 Default

Guaranteed Maximum Interface Class Priority Burst Ceil Burst TOS Action bandwith bandwith red0 110 6 100 1900 0 Remark: Default Queueing:

Class: 200 Ping

Guaranteed Maximum Interface Class Priority Burst Ceil Burst TOS Action bandwith bandwith imq0 200 1 100 100 8 Remark: Ping Queueing: Port-Rule: (icmp)

Class: 202 DNS/RTP

Guaranteed Maximum Interface Class Priority Burst Ceil Burst TOS Action bandwith bandwith imq0 202 2 100 1000 8 Remark: DNS/RTP Queueing: Level7-Protocol: dns

Level7-Protocol: rtp

Level7-Protocol: skypetoskype

Port-Rule: (tcp) Source port: 53

Port-Rule: (udp) Source port: 53

Class: 203 Web

Guaranteed Maximum Interface Class Priority Burst Ceil Burst TOS Action bandwith bandwith imq0 203 3 3000 9500 8 Remark: Web Queueing: Level7-Protocol: http

Level7-Protocol: ssl

Port-Rule: (tcp) Source port: 443

Port-Rule: (tcp) Source port: 80

Class: 204 VPN

Guaranteed Maximum Interface Class Priority Burst Ceil Burst TOS Action bandwith bandwith imq0 204 4 100 7500 2 Remark: VPN Queueing: Level7-Protocol: rdp

Level7-Protocol: ssh

Level7-Protocol: vnc

Port-Rule: (esp)

Port-Rule: (tcp) Source port: xxxx

Port-Rule: (tcp) Destination port: xxxx

Port-Rule: (tcp) Destination port: xxxx Port-Rule: (tcp) Destination port: xxxx

Port-Rule: (udp) Source port: xxxx

Port-Rule: (udp) Source port: xxxx Destination port: xxxx

Port-Rule: (udp) Destination port: xxxx

Class: 205 Email

Guaranteed Maximum Interface Class Priority Burst Ceil Burst TOS Action bandwith bandwith imq0 205 5 2000 9500 2 Remark: Email Queueing: Level7-Protocol: imap

Level7-Protocol: pop3

Port-Rule: (tcp) Source port: 110

Port-Rule: (tcp) Source port: 993

Port-Rule: (tcp) Source port: 995

Port-Rule: (tcp) Destination port: 110

Port-Rule: (tcp) Destination port: 993

Port-Rule: (tcp) Destination port: 995

Port-Rule: (udp) Source port: 110

Port-Rule: (udp) Source port: 993

Port-Rule: (udp) Source port: 995

Port-Rule: (udp) Destination port: 110

Port-Rule: (udp) Destination port: 993

Port-Rule: (udp) Destination port: 995

Class: 210 Default

Guaranteed Maximum Interface Class Priority Burst Ceil Burst TOS Action bandwith bandwith imq0 210 6 100 9500 0 Remark: Default Queueing:

IPFire 2.17 (i586) - Core Update 93 IPFire.org • Support the IPFire project with your donation