All of lore.kernel.org
 help / color / mirror / Atom feed
* 'ip route' and 'ipset'...
@ 2020-01-31 15:06 Marco Gaiarin
  2020-01-31 15:49 ` Phil Sutter
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Marco Gaiarin @ 2020-01-31 15:06 UTC (permalink / raw)
  To: lartc


There's a way to use 'ipset' (eg, host list) in a route, eg 'ip route'
and/or 'ip rule'?


Thanks.

-- 
dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

		Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
      http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: 'ip route' and 'ipset'...
  2020-01-31 15:06 'ip route' and 'ipset' Marco Gaiarin
@ 2020-01-31 15:49 ` Phil Sutter
  2020-01-31 16:34 ` Marco Gaiarin
  2020-01-31 20:10 ` Anton Danilov
  2 siblings, 0 replies; 4+ messages in thread
From: Phil Sutter @ 2020-01-31 15:49 UTC (permalink / raw)
  To: lartc

Hi,

On Fri, Jan 31, 2020 at 04:06:25PM +0100, Marco Gaiarin wrote:
> There's a way to use 'ipset' (eg, host list) in a route, eg 'ip route'
> and/or 'ip rule'?

Not to my knowledge, but you may use nftables' route type chains to
implement policy routing in nftables which supports sets natively. If
any of paket mark, source or destination address or TOS fields are
changed by a rule in route type chain, routing decision will be redone
for the packet.

Cheers, Phil

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: 'ip route' and 'ipset'...
  2020-01-31 15:06 'ip route' and 'ipset' Marco Gaiarin
  2020-01-31 15:49 ` Phil Sutter
@ 2020-01-31 16:34 ` Marco Gaiarin
  2020-01-31 20:10 ` Anton Danilov
  2 siblings, 0 replies; 4+ messages in thread
From: Marco Gaiarin @ 2020-01-31 16:34 UTC (permalink / raw)
  To: lartc

Mandi! Phil Sutter
  In chel di` si favelave...

> Not to my knowledge,

OK.


> but you may use nftables' route type chains to
> implement policy routing in nftables which supports sets natively. If
> any of paket mark, source or destination address or TOS fields are
> changed by a rule in route type chain, routing decision will be redone
> for the packet.

Aaahh... i've forgot to specify: it is 'local' traffic, so i've no
'PREROUTE' and 'POSTROUTE' to mark to...

-- 
dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

		Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
      http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: 'ip route' and 'ipset'...
  2020-01-31 15:06 'ip route' and 'ipset' Marco Gaiarin
  2020-01-31 15:49 ` Phil Sutter
  2020-01-31 16:34 ` Marco Gaiarin
@ 2020-01-31 20:10 ` Anton Danilov
  2 siblings, 0 replies; 4+ messages in thread
From: Anton Danilov @ 2020-01-31 20:10 UTC (permalink / raw)
  To: lartc

Hello
If you want to reroute local traffic, you can match packets with ipset
and mark them in raw/OUTPUT table to change the route decision.

On Fri, 31 Jan 2020 at 19:36, Marco Gaiarin <gaio@sv.lnf.it> wrote:
>
> Mandi! Phil Sutter
>   In chel di` si favelave...
>
> > Not to my knowledge,
>
> OK.
>
>
> > but you may use nftables' route type chains to
> > implement policy routing in nftables which supports sets natively. If
> > any of paket mark, source or destination address or TOS fields are
> > changed by a rule in route type chain, routing decision will be redone
> > for the packet.
>
> Aaahh... i've forgot to specify: it is 'local' traffic, so i've no
> 'PREROUTE' and 'POSTROUTE' to mark to...
>
> --
> dott. Marco Gaiarin                                     GNUPG Key ID: 240A3D66
>   Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
>   Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
>   marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797
>
>                 Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
>       http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
>         (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)



-- 
Anton Danilov.

^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2020-01-31 20:10 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-01-31 15:06 'ip route' and 'ipset' Marco Gaiarin
2020-01-31 15:49 ` Phil Sutter
2020-01-31 16:34 ` Marco Gaiarin
2020-01-31 20:10 ` Anton Danilov

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.