[LARTC] about fw classifier
Luciano Ruete
luciano at lugmen.org.ar
Tue Jun 20 04:55:48 CEST 2006
On Monday 19 June 2006 23:24, Frank Abel Cancio Bello wrote:
> Hi all!
>
> On http://lartc.org/howto/lartc.adv-filter.html I read that one of the
> classifiers available bases the decision on how the firewall has marked the
> packet, and on http://lartc.org/howto/lartc.qdisc.filters.html the following
> example:
>
> "tc filter add dev eth1 protocol ip parent 1:0 prio 1 handle 6 fw flowid
> 1:1" "iptables -A PREROUTING -t mangle -i eth0 -j MARK --set-mark 6"
>
> My question is:
>
> Is there currently a way to build a classifier based on the netfilter mark
> value associated with a connection instead of the netfilter mark value
> associated with the packet?
Yes, iptables CONNMARK associates MARKs with conntrack'ed connections.
It has been in the kernel's mainline since 2.6.12; you can find some
introductory information[1] on the internet or do man iptables for further
information.
[1]http://home.regit.org/?page_id=7
--
Luciano
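
The setup the reply points to, as an added example that is not part of the original thread: the connection is marked once with CONNMARK, the connection mark is copied onto each packet, and the fw filter from the question then classifies on it. The helper names `run` and `connmark_classify`, the `DRY_RUN` switch, and the policy of marking connections opened through the inbound interface (matched with `-m conntrack --ctstate NEW`) are assumptions; a qdisc with handle 1: must already exist on the outbound device.

```shell
#!/bin/sh
# Added example: classify on the connection mark (CONNMARK) with the tc fw filter.
# DRY_RUN=1 (default) prints the commands; DRY_RUN=0 executes them (needs root).
DRY_RUN="${DRY_RUN:-1}"

# Hypothetical helper: print or execute one command.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Hypothetical helper: connmark_classify IN_DEV OUT_DEV MARK FLOWID
connmark_classify() {
    in_dev="$1"; out_dev="$2"; mark="$3"; flowid="$4"

    # The fw handle is the mark value; 0 means "unmarked", so reject it.
    case "$mark" in
        ''|*[!0-9]*) echo "mark must be a decimal integer" >&2; return 1 ;;
    esac
    [ "$mark" -gt 0 ] || { echo "mark 0 means unmarked" >&2; return 1; }

    # 1. Tag the conntrack entry when a connection is opened through IN_DEV
    #    (assumed policy). CONNMARK does not end rule traversal.
    run iptables -t mangle -A PREROUTING -i "$in_dev" \
        -m conntrack --ctstate NEW -j CONNMARK --set-mark "$mark"

    # 2. Copy the connection mark onto every packet of a tracked connection,
    #    in either direction, so the packet mark follows the connection.
    run iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark

    # 3. The fw filter from the question: it still reads the packet mark,
    #    which now carries the connection's value.
    run tc filter add dev "$out_dev" protocol ip parent 1:0 prio 1 \
        handle "$mark" fw flowid "$flowid"
}

# Stand-alone use: ./script.sh eth0 eth1 6 1:1
if [ "$#" -eq 4 ]; then
    connmark_classify "$@"
fi
```

Only packets leaving the outbound device reach the fw filter, so the other direction of the connection needs its own filter on the other interface.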