Also, when creating a traffic shaping address rule, it’d be nice if I could select a host group rather than just individual addresses/hosts.
I think that shorewall syntax does not support multiple IPs in tcpri. We’d need some code to expand a group to one rule for each group member.
Thank you for answering this. Am I correct that a specified host could be from any zone (LAN or WAN)? My reasoning behind this question was that a VoIP service provider may specify many IPs that their VoIP traffic would come from. Creating a host group containing all of those IPs and being able to specify it in a traffic shaping rule would reduce clutter and overlap in rules.
We could try to match VoIP traffic with ToS field or other ways instead of IP addresses.
You mean a traffic shaping port rule? It just says “Destination port” and doesn’t appear to allow a range of ports. This causes a similar issue to what I mentioned with address rules. This would be a good solution if it were possible to select a “service” filewall object.
While I’m asking for features… would it be possible to create a service groups feature(similar to host groups)?
No, usually, VoIP traffic packets come marked from the VoIP device uing the ToS IP field (don’t ask me more, I’m no expert in VoIP).
Haha! I’m not a VoIP expert either.
Just thought it’d be easier to manage that way. I know SonicWall routers have service groups, host groups, and you can apply traffic shaping rules to either.