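# iptables rules (egress): tag outgoing TCP packets with a firewall mark.
# The last matching rule wins: MARK does not stop rule traversal, so a later
# match overwrites the mark set by an earlier one.
# NOTE(review): what marks 10 and 12 mean is decided by whatever consumes them
# (not visible here); the class labels below come from the original comments.
# Packets are classified by port and size only. This is traffic shaping;
# do not rely on the marks for access control.

# Abort before touching the table when DEV is missing: with an empty DEV the
# "-o" option would consume the following "-p" as its interface name, so the
# rules below would not load as intended after the table was already flushed.
: "${DEV:?DEV must name the egress interface}"

# Flushes every chain of the mangle table, not only the rules added below.
/sbin/iptables -t mangle -F
ipt1="/sbin/iptables -A POSTROUTING "
# $ipt is expanded unquoted on purpose so that it splits into the command and
# its arguments.
ipt="$ipt1 -t mangle -o $DEV -p tcp"

# multiport --port matches when either the source or the destination port is
# in the list.
$ipt -m multiport --port 3389 \
  -j MARK --set-mark 10   # remote desktop (RDP)
$ipt -m multiport --port 5900:5902 \
  -j MARK --set-mark 10   # VNC
$ipt -m multiport --port smtp,ssmtp \
  -j MARK --set-mark 12   # outgoing mail

# Transfers > 10 MiB => "Second-Order Bandwidth"
# NOTE(review): the original comment says "uploads", but --connbytes-dir both
# counts the bytes of both directions, so a connection that has mostly
# downloaded also crosses the threshold. Confirm that this is intended.
$ipt -m connbytes --connbytes-dir both \
  --connbytes-mode bytes \
  --connbytes 10485760: \
  -m multiport --port www,https,ftp-data \
  -j MARK --set-mark 12

# Small TCP packets with ACK set (length 0..128 bytes) => "Low Latency"
# (The original comment said "large", which contradicts the length match.)
# This rule comes last, so it also overrides mark 12 on small packets of the
# mail and bulk-transfer connections matched above.
$ipt -m conntrack --ctstate ESTABLISHED \
  -m length --length 0:128 \
  --tcp-flags ACK ACK \
  -j MARK --set-mark 10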
