* [LARTC] Re: tc filter
@ 2006-08-10 13:38 Jarek Poplawski
2006-08-16 10:16 ` Jarek Poplawski
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Jarek Poplawski @ 2006-08-10 13:38 UTC (permalink / raw)
To: lartc
On 03-08-2006 18:06, doudouyam wrote:
> Hi,
> Is it possible to make a filter with tc which exclude an IP like iptables ??
>
> ex:
> iptable -t mangle -A PREROUTING -i eth0 -d ! 192.168.1.222
> <http://192.168.1.222> -j MARK ...
Maybe there is something like this, I don't know, but you can try
two filters in turn e.g.:
# tc filter add dev eth0 parent 1: proto ip pref 100 \
u32 match ip dst 192.168.1.222 police drop
(or some other "flowid 1:xx" instead of "police drop")
# tc filter add dev eth0 parent 1: proto ip pref 101 \
u32 match ip dst 192.168.1.0/24 flowid 1:99
Jarek P.
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
^ permalink raw reply [flat|nested] 4+ messages in thread* [LARTC] Re: tc filter 2006-08-10 13:38 [LARTC] Re: tc filter Jarek Poplawski @ 2006-08-16 10:16 ` Jarek Poplawski 2006-08-18 10:28 ` Andy Furniss 2006-08-21 7:56 ` Jarek Poplawski 2 siblings, 0 replies; 4+ messages in thread From: Jarek Poplawski @ 2006-08-16 10:16 UTC (permalink / raw) To: lartc On 10-08-2006 15:38, Jarek Poplawski wrote: ... > # tc filter add dev eth0 parent 1: proto ip pref 100 \ > u32 match ip dst 192.168.1.222 police drop Should be: # tc filter add dev eth0 parent 1: proto ip pref 100 \ u32 match ip dst 192.168.1.222 flowid 1: police \ conform-exceed drop/drop or: # tc filter add dev eth0 parent 1: proto ip pref 100 \ u32 match ip dst 192.168.1.222 flowid 1: action drop Jarek P. _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [LARTC] Re: tc filter 2006-08-10 13:38 [LARTC] Re: tc filter Jarek Poplawski 2006-08-16 10:16 ` Jarek Poplawski @ 2006-08-18 10:28 ` Andy Furniss 2006-08-21 7:56 ` Jarek Poplawski 2 siblings, 0 replies; 4+ messages in thread From: Andy Furniss @ 2006-08-18 10:28 UTC (permalink / raw) To: lartc Jarek Poplawski wrote: > Should be: > # tc filter add dev eth0 parent 1: proto ip pref 100 \ > u32 match ip dst 192.168.1.222 flowid 1: police \ > conform-exceed drop/drop Looks a bit iffy but I haven't tried it - I thought that would be drop whether under or over - if it's valid at all without action/ a police rate. Andy. _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc ^ permalink raw reply [flat|nested] 4+ messages in thread
* [LARTC] Re: tc filter 2006-08-10 13:38 [LARTC] Re: tc filter Jarek Poplawski 2006-08-16 10:16 ` Jarek Poplawski 2006-08-18 10:28 ` Andy Furniss @ 2006-08-21 7:56 ` Jarek Poplawski 2 siblings, 0 replies; 4+ messages in thread From: Jarek Poplawski @ 2006-08-21 7:56 UTC (permalink / raw) To: lartc On 18-08-2006 12:28, Andy Furniss wrote: > Jarek Poplawski wrote: > >> Should be: >> # tc filter add dev eth0 parent 1: proto ip pref 100 \ >> u32 match ip dst 192.168.1.222 flowid 1: police \ >> conform-exceed drop/drop > > Looks a bit iffy but I haven't tried it - I thought that would be drop > whether under or over - if it's valid at all without action/ a police rate. Maybe I should have written: "Should be with a fairly current iproute2 and kernel:". It's so called "New syntax" ("Old syntax" didn't work for me), to add exceed action for zero rate. According to help rate and burst should be included, but it works anyway. Jarek P. _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2006-08-21 7:56 UTC | newest] Thread overview: 4+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2006-08-10 13:38 [LARTC] Re: tc filter Jarek Poplawski 2006-08-16 10:16 ` Jarek Poplawski 2006-08-18 10:28 ` Andy Furniss 2006-08-21 7:56 ` Jarek Poplawski
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.