I’ve been promoting Firehol to those who need a good firewall. Firehol is actually not a firewall by itself; it’s a firewall scripting language, which is very easy to use even for newbies. Underneath, it uses Linux’s iptables to build the firewall.
I recommend Firehol to others because it’s really easy to script (and I mean it), therefore minimizing the chance for human error; but it still allows us to build a complex firewall should there be a need to do so. And because everything is configured via a file (/etc/firehol.conf), I can easily manage firewalls for servers all over the world via an SSH connection.
But I have yet to find a good traffic shaper solution to accompany this. I’ve been asked by a client where I installed Firehol as part of my consulting work there; she needs a way to control the bandwidth utilization of her Internet connection. So far, I couldn’t find anything suitable.
Some traffic shapers require their own firewall, some need a dedicated server for themselves, others are just plain cumbersome to manage, and so on.
Luckily, today I read on Firehol’s mailing list about CTshaper.
It was based on Wondershaper, but has since been developed extensively and no longer resembles it. What’s special about it is that CTshaper is similar to Firehol in terms of ease of use, and it can also work with our existing Firehol setup. It couldn’t be easier: just include “extras/shaper.conf” on top of Firehol’s config file, and that’s it. I like how simple this is.
Hopefully you’ll find it useful too.