All of lore.kernel.org
 help / color / mirror / Atom feed
From: /dev/rob0 <rob0@gmx.co.uk>
To: netfilter@lists.netfilter.org
Subject: Re: CLASSIFY target confusion
Date: Sat, 10 Sep 2005 14:45:24 -0500	[thread overview]
Message-ID: <200509101445.24816.rob0@gmx.co.uk> (raw)
In-Reply-To: <BAY107-DAV15EE440C9687F21C6C112CB79B0@phx.gbl>

On Saturday 2005-September-10 13:08, Deepak Seshadri wrote:
> Here is a snippet from my script:

Perhaps it's a minor and insignificant detail, but the terminology is 
wrong; these are iptables-save(8) rules, not a script.

> *mangle
> -A POSTROUTING -o eth0 -s 10.0.2.0/24 -j router
> -A router -j CLASSIFY --set-class 1:21
> -A router -p tcp --dport 80 -m layer7 --l7proto exe -j CLASSIFY
> --set-class 1:23
> -A router -j ACCEPT
>
> As you see above:
> - All packets from 10.0.2.x will jump to the chain "router"
> - Here it gets classified to TC's class 1:21

And at that point they are finished in the mangle table POSTROUTING 
chain, and out they go.

> - But if the packet matches the layer-7 policy "exe", it will get
> classified to TC's class 1:23

Unless matched by the first rule, which all traffic does match.

> the class 1:21. Could someone please help me here?

Always assume that any target is a terminating one, unless documented 
otherwise. Reverse the order of the first and second rules, and you 
will get what you want.
-- 
    mail to this address is discarded unless "/dev/rob0"
    or "not-spam" is in Subject: header


  reply	other threads:[~2005-09-10 19:45 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-09-10 18:08 CLASSIFY target confusion Deepak Seshadri
2005-09-10 19:45 ` /dev/rob0 [this message]
2005-09-10 19:54 ` vinod_chandran

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=200509101445.24816.rob0@gmx.co.uk \
    --to=rob0@gmx.co.uk \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.