There are traffic shaper script for minimal PSPacer + U32 + 2 ethernet router
environment. Main goal to avoid usage netfilter/set/ipset, but with U32 it
needs additional hash programming for IP net arrays.
PSPacer may be found on http://www.gridmpi.org/gridtcp.en.jsp
or http://pspacer.googlecode.com

Just run "./psp-shaper-*.sh -help" && "./psp-shaper-*.sh -show".

Firewall and FWMARKs are advanced modes and needs for advanced kernel features.
FWMARKs used to communicate with netfilter/iptables to provide NAT. I use NAT
only for ushaped/NORMAL class, example of line:
iptables -t nat -A POSTROUTING -o $OUT -m mark --mark 2/2 -j MASQUERADE
Firewall are advanced close some traffic (incoming $INTRANET, etc) and
selected $PORT_CLOSE ports (listed ports are to safe for dummy Windows
users on real IPs against Windows holes).

To maximal routing speed do not use NFMARKs/FIREWALL. Also there are very
experimental.

I am not warranty NOTHING. All still experemental.
(c) Dzianis Kahanovich, GPLv2
http://mahatma.bspu.unibel.by
.