.TH "Firewall mark classifier in tc" 8 "21 Oct 2015" "iproute2" "Linux"
.SH NAME
fw \- fwmark traffic control filter
.SH SYNOPSIS
.in +8
.ti -8
.BR tc " " filter " ... " fw " [ " classid
.IR CLASSID " ] [ "
.B action
.IR ACTION_SPEC " ]"
.SH DESCRIPTION
The
.B fw
filter classifies packets based on an
.B fwmark
previously set by
.BR iptables .
If the mark is identical to the filter's
.BR handle ,
the filter matches.
.B iptables
can mark single packets with the
.B MARK
target, or whole connections using
.BR CONNMARK .
The benefit of using this filter instead of doing the heavy lifting with
.B tc
itself is twofold: it can be convenient to keep packet filtering and
classification in one place, possibly having to match a packet just once, and
users familiar with
.BR iptables " but not " tc
will have an easier time adding QoS to their setups.
.SH OPTIONS
.TP
.BI classid " CLASSID"
Push matching packets to the class identified by
.IR CLASSID .
.TP
.BI action " ACTION_SPEC"
Apply an action from the generic actions framework on matching packets.
.SH EXAMPLES
The following tc filter statement:

.RS
.EX
tc filter add ... handle 6 fw classid 1:1
.EE
.RE

matches if the packet's
.B fwmark
value is
.BR 6 .
This is a sample
.B iptables
statement marking packets coming in on eth0:

.RS
.EX
iptables -t mangle -A PREROUTING -i eth0 -j MARK --set-mark 6
.EE
.RE
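A consistency check for the mark/handle relationship described above, as an added example that is not part of the original man page or of iproute2: it reads a rule script and reports marks that no fw filter handle equals, and fw handles that no MARK rule in the script sets. The function names and the sample script are constructed for illustration, and values are assumed to be plain decimal or 0x-prefixed numbers without a mask.

```python
import shlex

# Constructed sample: the two statements from this page plus one unmatched
# mark and one unmatched filter. "..." is kept as on the page.
SAMPLE = """\
iptables -t mangle -A PREROUTING -i eth0 -j MARK --set-mark 6
iptables -t mangle -A PREROUTING -i eth1 -j MARK --set-mark 0x10
tc filter add ... handle 6 fw classid 1:1
tc filter add ... handle 7 fw classid 1:2
"""

def _after(tokens, flag):
    """Return the token that follows flag, or None if flag is absent."""
    if flag in tokens[:-1]:
        return tokens[tokens.index(flag) + 1]
    return None

def _num(text):
    """Parse decimal or 0x-prefixed values (assumption: no value/mask form)."""
    if "/" in text:
        raise ValueError("masked value not handled here: " + text)
    return int(text, 0)

def parse(script):
    """Return (marks set by MARK rules, {fw filter handle: classid})."""
    marks, filters = set(), {}
    for line in script.splitlines():
        tok = shlex.split(line, comments=True)
        if tok[:1] == ["iptables"] and _after(tok, "-j") == "MARK":
            value = _after(tok, "--set-mark")
            if value is not None:
                marks.add(_num(value))
        elif tok[:2] == ["tc", "filter"] and "fw" in tok:
            handle = _after(tok, "handle")
            if handle is not None:
                filters[_num(handle)] = _after(tok, "classid")
    return marks, filters

def audit(script):
    """Compare marks and handles; the fw filter matches only on equality."""
    marks, filters = parse(script)
    handles = set(filters)
    return {
        "classified": {m: filters[m] for m in sorted(marks & handles)},
        "marks_without_filter": sorted(marks - handles),
        "handles_without_mark": sorted(handles - marks),
    }

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A mark listed under marks_without_filter is not classified by any fw filter in the script; a handle listed under handles_without_mark may still be reached by marks set outside the script.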
.SH SEE ALSO
.BR tc (8),
.BR iptables (8),
.BR iptables-extensions (8)