From: /dev/rob0 <rob0@gmx.co.uk>
To: netfilter@lists.netfilter.org
Subject: Re: CLASSIFY target confusion
Date: Sat, 10 Sep 2005 14:45:24 -0500 [thread overview]
Message-ID: <200509101445.24816.rob0@gmx.co.uk> (raw)
In-Reply-To: <BAY107-DAV15EE440C9687F21C6C112CB79B0@phx.gbl>
On Saturday 2005-September-10 13:08, Deepak Seshadri wrote:
> Here is a snippet from my script:
Perhaps it's a minor and insignificant detail, but the terminology is
wrong; these are iptables-save(8) rules, not a script.
> *mangle
> -A POSTROUTING -o eth0 -s 10.0.2.0/24 -j router
> -A router -j CLASSIFY --set-class 1:21
> -A router -p tcp --dport 80 -m layer7 --l7proto exe -j CLASSIFY
> --set-class 1:23
> -A router -j ACCEPT
>
> As you see above:
> - All packets from 10.0.2.x will jump to the chain "router"
> - Here it gets classified to TC's class 1:21
And at that point they are finished in the mangle table POSTROUTING
chain, and out they go.
> - But if the packet matches the layer-7 policy "exe", it will get
> classified to TC's class 1:23
Unless matched by the first rule, which all traffic does match.
> the class 1:21. Could someone please help me here?
Always assume that any target is a terminating one, unless documented
otherwise. Reverse the order of the first and second rules, and you
will get what you want.
--
mail to this address is discarded unless "/dev/rob0"
or "not-spam" is in Subject: header
next prev parent reply other threads:[~2005-09-10 19:45 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-09-10 18:08 CLASSIFY target confusion Deepak Seshadri
2005-09-10 19:45 ` /dev/rob0 [this message]
2005-09-10 19:54 ` vinod_chandran
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200509101445.24816.rob0@gmx.co.uk \
--to=rob0@gmx.co.uk \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.