[LARTC] Re: Trying to do some very simple ingress limiting, no
success
Erik Slagter
erik at slagter.name
Mon Apr 10 15:51:47 CEST 2006
On Mon, 2006-04-10 at 15:41 +0200, richard lucassen wrote:
> On Mon, 10 Apr 2006 14:38:10 +0200
> Erik Slagter <erik at slagter.name> wrote:
>
> > > I didn't know there is a problrm with IMQ + netfilter.
> >
> > You just told me ;-)
> >
> > The IMQ handling is done before the netfilter handling...
>
> That's IFB, not IMQ. IFB is an intermediate functional block that
> appeared in kernel 2.6.16. IFB is a device, IMQ is a iptables target
> (and a device)
>
> And IMQ is a kernel patch (and iptables has to be patched as well) while
> IFB is in the mainstream kernel.
Sorry for the mix-up.
Anyway, the result is the same.
Cannot use IMQ because patching iproute2 is not feasible, cannot use IFB
because it's at the wrong location in the chain.
And the simple approach I wanted in the first place, now works.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2771 bytes
Desc: not available
Url : http://mailman.ds9a.nl/pipermail/lartc/attachments/20060410/09ec268b/smime.bin
More information about the LARTC
mailing list