Based on http://gargoyle-router.com/phpbb/viewtopic.php?f=5&t=58, add these lines to /etc/firewall.user to limit the number of new P2P connections per minute, where [start]:[end] is the port range of your P2P application.
Code:
# New user-defined chain; INPUT and FORWARD both jump to it first
iptables -N limitP2P
iptables -I FORWARD -j limitP2P
iptables -I INPUT -j limitP2P
# Allow up to 10 new TCP connections per minute to the P2P port range (burst 10), then drop the rest
iptables -A limitP2P -p tcp --dport [start]:[end] -m state --state NEW -m limit --limit 10/minute --limit-burst 10 -j RETURN
iptables -A limitP2P -p tcp --dport [start]:[end] -m state --state NEW -j DROP

Code:
iptables -I zone_lan_forward -i br-lan -o br-lan -j ACCEPT

Code:
config 'include'
	option 'path' '/etc/firewall.user'

Code:
# Connection-tracking limits: cap the table size and shorten timeouts so idle P2P flows do not hold RAM
net.ipv4.netfilter.ip_conntrack_max=1024
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=3600
net.ipv4.netfilter.ip_conntrack_udp_timeout=60
net.ipv4.netfilter.ip_conntrack_udp_timeout_stream=180
Finally, I disabled non-critical services like Dynamic DNS (not needed), the bandwidth monitor, and even the Web interface at the SSH console.
Code:
/etc/init.d/ddns_gargoyle disable
/etc/init.d/ddns_gargoyle stop
/etc/init.d/httpd_gargoyle disable
/etc/init.d/httpd_gargoyle stop
/etc/init.d/bwmon_gargoyle stop
/etc/init.d/bwmon_gargoyle disable

Code:
ssh root@[router IP] /etc/init.d/httpd_gargoyle start
ssh root@[router IP] /etc/init.d/httpd_gargoyle stop
And that's it. I can now get almost near-realtime response on services requiring minimum latency (e.g. typing at a remote SSH console), along with P2P traffic backgrounded so as not to be too disruptive. Or to put it plainly, the QoS now works noticeably better than it did using Gargoyle firmware out of the box.
Could folks share their own RAM-conserving tips?
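The limitP2P rules above are easy to get wrong when typed by hand (ports swapped, a letter in the range) and get appended twice if /etc/firewall.user is run again on a firewall restart. The following POSIX sh script is an added example, not code from the original post or from Gargoyle: it validates the port range, then emits the same five-rule set with the chain flushed and the jumps re-inserted so the file can be re-run safely. The function names (is_port, validate_range, gen_limitp2p) and the sample range 6881:6889 are assumptions chosen for the example; it only prints the commands, so redirect its output into /etc/firewall.user rather than running it against a live firewall directly.

```shell
#!/bin/sh
# Added example (not from the original post or from Gargoyle):
# generate the limitP2P chain rules for /etc/firewall.user from a
# validated port range. Interface (assumed for this example):
#   gen_limitp2p START END [RATE] [BURST]
# Defaults match the post: 10 new connections per minute, burst 10.

# Return 0 if "$1" is an integer in 1..65535.
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Validate START..END: both must be ports and START <= END.
validate_range() {
    start=$1; end=$2
    is_port "$start" || { echo "bad start port: $start" >&2; return 1; }
    is_port "$end"   || { echo "bad end port: $end" >&2; return 1; }
    [ "$start" -le "$end" ] || { echo "start > end: $start:$end" >&2; return 1; }
    return 0
}

# Print the iptables commands. The chain is created or, if it already
# exists, flushed, and each jump is deleted before being inserted, so
# re-running the file does not accumulate duplicate rules.
gen_limitp2p() {
    start=$1; end=$2; rate=${3:-10/minute}; burst=${4:-10}
    validate_range "$start" "$end" || return 1
    cat <<EOF
iptables -N limitP2P 2>/dev/null || iptables -F limitP2P
iptables -D FORWARD -j limitP2P 2>/dev/null; iptables -I FORWARD -j limitP2P
iptables -D INPUT -j limitP2P 2>/dev/null; iptables -I INPUT -j limitP2P
iptables -A limitP2P -p tcp --dport $start:$end -m state --state NEW -m limit --limit $rate --limit-burst $burst -j RETURN
iptables -A limitP2P -p tcp --dport $start:$end -m state --state NEW -j DROP
EOF
}

# Usage (constructed range for a BitTorrent client listening on 6881-6889):
#   sh gen_limitp2p.sh 6881 6889 >> /etc/firewall.user
if [ $# -ge 2 ]; then
    gen_limitp2p "$@"
fi
```

The RETURN/DROP pair keeps the semantics of the original rules: the limit match hands back a token bucket of `--limit-burst` connections that refills at `--limit`, and anything over that is dropped rather than queued, so a client that opens hundreds of peers at once is throttled without affecting established flows.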
