23/11/2001: This page is not valid. Please go to docum.org
When you want to shape the traffic on a firewall that is doing masquerading, you can use the mark option in the firewall rule to mark the packets. With the fw filter, it is possible to use this mark to classify the packets. The mark will survive the masquerading in the firewall, but it is not sent with the packet. So you can't use the same mark on another machine in the network.
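The marking and classifying described above, as an added example that is not part of the original page. It assumes iptables as the firewall and HTB as the qdisc (the page names neither); the interface names, addresses, marks, class ids and rates are constructed. The script only prints the commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example (not from the original page). Interface names, addresses,
# marks, class ids and rates are constructed; adjust before use.
WAN_IF=${WAN_IF:-eth0}      # external NIC, where masquerading happens
LAN_IF=${LAN_IF:-eth1}      # internal NIC
UPLINK=${UPLINK:-1mbit}     # total upload rate

# One internal host per line: source-IP  mark  classid  rate
HOSTS='192.168.1.10 1 1:10 256kbit
192.168.1.20 2 1:20 512kbit'

# A mark must be a unique non-zero decimal number: 0 is what an unmarked
# packet carries, and the fw filter cannot tell two hosts with the same
# mark apart.
check_hosts() {
    echo "$HOSTS" | awk '
        $2 !~ /^[1-9][0-9]*$/ { print "bad mark: " $0; bad = 1 }
        seen[$2]++            { print "duplicate mark: " $0; bad = 1 }
        END { exit bad + 0 }' >&2
}

# Print the commands instead of running them, so they can be reviewed first.
gen_rules() {
    check_hosts || return 1
    echo "iptables -t nat -A POSTROUTING -o $WAN_IF -j MASQUERADE"
    # No default class: traffic without a matching mark is left unshaped.
    echo "tc qdisc add dev $WAN_IF root handle 1: htb"
    echo "tc class add dev $WAN_IF parent 1: classid 1:1 htb rate $UPLINK"
    echo "$HOSTS" | while read -r ip mark classid rate; do
        # Mark on the way in, while the source is still the internal address.
        echo "iptables -t mangle -A PREROUTING -i $LAN_IF -s $ip -j MARK --set-mark $mark"
        echo "tc class add dev $WAN_IF parent 1:1 classid $classid htb rate $rate ceil $UPLINK"
        # On the way out the source is already rewritten; only the mark is left.
        echo "tc filter add dev $WAN_IF parent 1: protocol ip prio 1 handle $mark fw classid $classid"
    done
}

gen_rules
```

The mark lives only in the kernel's packet metadata on this machine, which is why the filter on the external interface can still separate the internal hosts after their source address has been replaced.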
You can shape the traffic on a Linux box with 2 NICs in bridge mode, but you cannot use all the classifiers. In the help files I found the following. It's not about the bridge options themselves, but about forwarding between high-speed NICs, just like bridging does. I tried to use the fw filter on a bridge and indeed, it's not working.
From help in the kernel:
CONFIG_NET_FASTROUTE: Saying Y here enables direct NIC-to-NIC (NIC = Network Interface Card) data transfers on the local network, which is fast. IMPORTANT NOTE: This option is NOT COMPATIBLE with "Network packet filtering" (CONFIG_NETFILTER). Say N here if you say Y there. However, it will work with all options in the "IP: advanced router" section (except for "IP: use TOS value as routing key" and "IP: use FWMARK value as routing key"). At the moment, few devices support fast switching (tulip is one of them, a modified 8390 driver can be found at ftp://ftp.inr.ac.ru/ip-routing/fastroute/fastroute-8390.tar.gz ). If unsure, say N.
TODO: prio-help.txt and rsvp-help.txt in kernel/