[LARTC] about fw classifier
Frank Abel Cancio Bello
frankabel at tesla.cujae.edu.cu
Tue Jun 20 22:17:06 CEST 2006
On Monday 19 June 2006 10:55 pm, Luciano Ruete wrote:
> On Monday 19 June 2006 23:24, Frank Abel Cancio Bello wrote:
> > Hi all!
> >
> > On http://lartc.org/howto/lartc.adv-filter.html I read that one of the
> > available classifiers bases the decision on how the firewall has marked
> > the packet, and on http://lartc.org/howto/lartc.qdisc.filters.html the
> > following example:
> >
> > "tc filter add dev eth1 protocol ip parent 1:0 prio 1 handle 6 fw flowid 1:1"
> > "iptables -A PREROUTING -t mangle -i eth0 -j MARK --set-mark 6"
> >
> > My question is:
> >
> > Is there currently a way to build a classifier based on the netfilter
> > mark value associated with a connection instead of the netfilter mark
> > value associated with the packet?
>
> Yes, iptables CONNMARK associates MARKs with conntrack'ed connections.
>
> It has been in the kernel's mainline since 2.6.12; you can find some
> introductory information[1] on the internet or do man iptables for further
> information.
>
> [1]http://home.regit.org/?page_id=7
Thanks!
It seems that it is impossible to make a tc filter with connmark directly.
Salute
Frank Abel
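
Added example, not part of the original messages: the fw classifier matches the packet mark, so a per-connection classification is usually done by letting CONNMARK copy the connection mark back onto each packet before tc sees it. The device names, mark 6 and flowid 1:1 come from the HOWTO example quoted above; the function name and the DRY_RUN variable are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Builds the rule set that lets the tc
# "fw" classifier act on a per-connection mark: CONNMARK stores the mark in
# conntrack and copies it back onto every later packet of the connection.
# Assumptions: connmark_fw_rules and DRY_RUN are hypothetical names.

connmark_fw_rules() {
    in_dev=$1 out_dev=$2 mark=$3 flowid=$4

    # Mark 0 means "unmarked", so it cannot be used as a class selector.
    case $mark in
        ''|*[!0-9]*) echo "mark must be a decimal integer" >&2; return 1 ;;
    esac
    [ "$mark" -gt 0 ] || { echo "mark must be non-zero" >&2; return 1; }
    case $flowid in
        *:*) ;;
        *) echo "flowid must be major:minor" >&2; return 1 ;;
    esac

    # Run the commands only when DRY_RUN=0 (needs root); otherwise print them.
    if [ "${DRY_RUN:-1}" = 0 ]; then run=''; else run='echo'; fi

    # 1. Copy the connection's saved mark (if any) onto this packet.
    $run iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
    # 2. Connection already classified: stop here and keep the restored mark.
    $run iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT
    # 3. Unmarked packet: classify it (same match as the HOWTO example).
    $run iptables -t mangle -A PREROUTING -i "$in_dev" -j MARK --set-mark "$mark"
    # 4. Store the packet mark in conntrack for the rest of the connection.
    $run iptables -t mangle -A PREROUTING -j CONNMARK --save-mark
    # 5. The fw classifier reads the (restored) packet mark on egress.
    $run tc filter add dev "$out_dev" protocol ip parent 1:0 prio 1 \
        handle "$mark" fw flowid "$flowid"
}
```

Calling `connmark_fw_rules eth0 eth1 6 1:1` prints the five commands for review; the order matters, since the restore rule must run before the classification rule and the save rule after it.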