Advanced features

There is also a section on the firewall edit page called Advanced Options. These options only appear if you click on the Display Advanced button. In this section, you will find a series of less commonly used matching criteria. As with the other criteria, the rule will apply if the packets match the criteria. Here are some of the more useful options:

  • Source OS: This will attempt to match the operating system of the source traffic.
  • Diffserv Code Point: A mechanism for providing Quality of Service (QoS) of network traffic. Systems can prioritize traffic based on their code point values.
  • TCP Flags: Matches traffic based on whether certain TCP flags are set.
  • State Type: Specifies a particular state tracking mechanism.
  • No XMLRPC Sync: This prevents a rule from being synced on other CARP members.
  • Schedule: Allows you to specify the time when this rule is valid. You must define a schedule entry to use this option; once you do, the schedules defined will appear here.
  • Gateway: Gateways other than the default one may be specified here.
  • In/Out: Allows you to specify alternative queues and virtual interfaces. This option is useful if you want to redirect matched traffic into a traffic shaping queue.
  • Ackqueue/Queue: Specifies alternative acknowledge queues.

Having a separate queue for TCP ACK packets can be an effective way of ensuring that ACK packets are received by a remote server in a timely manner, thus improving download speeds.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.22.181.154