On 1/28/07, Michael Brown <knightmb at knightmb dot dyndns dot org> wrote:
> Well, I think there is a mis-understanding here. You can traffic shape
> inbound traffic, but it's not possible to make it "instant". When you
> traffic shape outbound traffic, you already know your "limits" and
> m0n0wall responds to this accordingly. With inbound traffic, even when
> you know your "limits" inbound, you can't account for limits that exist
> outside of your connection.
This is correct, but much more detailed than I had time to get into
(or have time to comment much on now). Shaping incoming traffic from
the Internet is complex. You don't shape the traffic that's coming in
on the WAN because that's not helping you any - you need to shape
outbound ACK's appropriately to have any sort of control on incoming
traffic. The easiest way to limit your NNTP traffic is to use a NNTP
client that allows you to limit its speed.