There is also a section on the firewall edit page called Advanced Options. These options only appear if you click on the Display Advanced button. In this section, you will find a series of less commonly used matching criteria. As with the other criteria, the rule will apply if the packets match the criteria. Here are some of the more useful options:
- Source OS: This will attempt to match the operating system of the source traffic.
- Diffserv Code Point: A mechanism for providing Quality of Service (QoS) of network traffic. Systems can prioritize traffic based on their code point values.
- TCP Flags: Matches traffic based on whether certain TCP flags are set.
- State Type: Specifies a particular state tracking mechanism.
- No XMLRPC Sync: This prevents a rule from being synced on other CARP members.
- Schedule: Allows you to specify the time when this rule is valid. You must define a schedule entry to use this option; once you do, the schedules defined will appear here.
- Gateway: Gateways other than the default one may be specified here.
- In/Out: Allows you to specify alternative queues and virtual interfaces. This option is useful if you want to redirect matched traffic into a traffic shaping queue.
- Ackqueue/Queue: Specifies alternative acknowledge queues.
Having a separate queue for TCP ACK packets can be an effective way of ensuring that ACK packets are received by a remote server in a timely manner, thus improving download speeds.