On Fri, 27 Jun 2003, John Voigt wrote:

> I can't seem to figure out how to set up asymmetric firewall rules. Is it
> possible? If not, can it be added?

Actually, you usually have to go out of your way *not* to get asymmetric rules. :-) Rules are based on the source and destination of packets, not connections.

> Why? Well, for wireless lans the wireless portion is half-duplex (all
> radios are on the same channel and only 1 can transmit at a time) so it is
> highly desirable to set higher bandwidth out from the AP and lower bandwidth
> back in from the client radios.

It seems to me what you're really trying to do is insure that as much downstream bandwidth is available as upstream, even though the downstream sender is only 1/N of the WLAN "users".

I think what you want to do is classify the downstream and upstream flows as separate queues equally sharing the same pipe. I don't think you need a bandwidth limit on the pipe (let nature take its course there).

Assuming the WLAN is a distinct subnet, then using the WLAN subnet address and mask as the source or destination in a filter rule should classify upstream and downstream traffic, respectively. It shouldn't be necessary to special-case the AP's IP, since it wouldn't usually be used as the endpoint address for connections not involving the WLAN.

Fred Wright
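The classification described in the reply above, as an added Python sketch that is not part of the original message or of any firewall's code: packets are sorted into an upstream or downstream queue purely by whether the WLAN subnet matches the source or the destination, and the two queues take turns on one unlimited pipe. The subnet, the addresses, the function names and the equal-size-packet round-robin model are all assumptions made for the illustration.

```python
import ipaddress
from collections import deque

WLAN = ipaddress.ip_network("192.168.10.0/24")  # constructed example subnet

def classify(src, dst, wlan=WLAN):
    """Stateless, per-packet match on addresses only (no connection tracking)."""
    if ipaddress.ip_address(src) in wlan:
        return "up"      # WLAN subnet as source: upstream
    if ipaddress.ip_address(dst) in wlan:
        return "down"    # WLAN subnet as destination: downstream
    return None          # traffic that does not involve the WLAN

def share_pipe(packets, slots):
    """Serve the two direction queues alternately for `slots` packet times.

    Assumes equal-size packets; an empty queue gives up its turn, so no
    bandwidth cap is imposed on the pipe itself.
    """
    queues = {"up": deque(), "down": deque()}
    for src, dst in packets:
        direction = classify(src, dst)
        if direction:
            queues[direction].append((src, dst))
    sent = {"up": 0, "down": 0}
    for turn in range(slots):
        first, second = ("down", "up") if turn % 2 == 0 else ("up", "down")
        for name in (first, second):
            if queues[name]:
                queues[name].popleft()
                sent[name] += 1
                break
    return sent

def sample_traffic(n_clients, per_sender, server="203.0.113.9"):
    """Constructed load: N clients each upload, one outside host downloads to them."""
    clients = [f"192.168.10.{10 + i}" for i in range(n_clients)]
    up = [(c, server) for c in clients for _ in range(per_sender)]
    down = [(server, clients[i % n_clients]) for i in range(per_sender)]
    return up + down

if __name__ == "__main__":
    # Five uploaders against one downstream sender still split the pipe evenly.
    print(share_pipe(sample_traffic(5, 40), slots=40))
```

With five uploading clients and a single downstream sender, each direction still gets half of the slots, which is the outcome the reply is aiming for.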