From mboxrd@z Thu Jan 1 00:00:00 1970
From: Andy Furniss
Date: Thu, 12 May 2005 20:18:48 +0000
Subject: Re: [LARTC] IPTables script
Message-Id: <4283BA28.3080509@dsl.pipex.com>
List-Id:
References: <200505121414.56363.lartc-337@ccp.com.au>
In-Reply-To: <200505121414.56363.lartc-337@ccp.com.au>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

Lee Sanders wrote:
>>Ok I thought you were trying to match src addresses, and that would be a
>>problem because of masquerading ;)
>>
>
> yep.
>

So you need to use addresses before nat - just mark them in iptables postrouting like.

iptables -t mangle -A POSTROUTING --src 192.168.0.2 -j MARK --set-mark 32

then filter them with tc something like -

tc filter add dev $UPIF parent 1:0 prio 4 protocol ip handle 32 fw flowid 1:32

> On this, can anyone help with: http://lartc.org/howto/lartc.adv-filter.html
>
> 12.1.3. Specific selectors
>
> The following table contains a list of all specific selectors the author of
> this section has found in the tc program source code. They simply make your
> life easier and increase readability of your filter's configuration.
>
> FIXME: table placeholder - the table is in separate file ,,selector.html''
> FIXME: it's also still in Polish :-(
> FIXME: must be sgml'ized
>
> I'm quite happy to read polish to get at the list they are offering.

They may well be outdated now anyway - there is work going on currently with tc eg. ematches - just not many docs yet.

Andy.
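The mark-then-filter approach from the reply above, generalised to several LAN hosts, as an added example that is not part of the original post: a dry-run generator that prints the mark rule and the matching fw filter for each host. The device name, the ADDRESS=MARK argument format and the function names are assumptions for illustration, and the classes 1:MARK are assumed to exist already.

```shell
#!/bin/sh
# Added example, not from the original post. Prints (does not run) the
# commands; the device name and ADDRESS=MARK pairs are constructed inputs.

# valid_ipv4 ADDR: succeed only for a dotted-quad IPv4 address.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# gen_rules DEV ADDR=MARK...: print one mark rule and one fw filter per host.
gen_rules() {
    dev=$1
    [ -n "$dev" ] && [ "$#" -ge 2 ] || { echo "usage: gen_rules DEV ADDR=MARK..." >&2; return 1; }
    shift
    for pair in "$@"; do
        addr=${pair%%=*}
        mark=${pair#*=}
        valid_ipv4 "$addr" || { echo "bad address: $addr" >&2; return 1; }
        # Reject 0 (means unmarked), leading zeros (parsed as octal) and
        # more than 4 digits: the mark is reused as the class minor, which
        # tc reads as hex and limits to 16 bits.
        case "$mark" in
            ''|*[!0-9]*|0*|?????*) echo "bad mark: $mark" >&2; return 1 ;;
        esac
        # mangle POSTROUTING still sees the LAN source address; the
        # masquerade rewrite in nat POSTROUTING happens afterwards.
        echo "iptables -t mangle -A POSTROUTING --src $addr -j MARK --set-mark $mark"
        # Egress tc sees the rewritten source, so classify on the mark.
        echo "tc filter add dev $dev parent 1:0 prio 4 protocol ip handle $mark fw flowid 1:$mark"
    done
}

gen_rules eth1 192.168.0.2=32 192.168.0.3=33
```

Because tc reads the class minor as hex, flowid 1:32 names class 0x32; it only has to be the same string that was used when the class was created.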