How should I be writing rules that match egress HTTP traffic?

Ideally I would match WAN clients hitting my server without touching LAN
traffic or HTTP traffic originating from the box (wget or whatever).

Things that don't work, or don't work the way I want:

Anything using direction:
config classify
        option target           "Bulk"
        option proto            "tcp"
        option ports            "80,443"
        option direction        "in"

config classify
        option target           "Bulk"
        option proto            "tcp"
        option ports            "80,443"
        option direction        "in"
        option dsthost          "192.168.8.8"

config classify
        option target           "Bulk"
        option proto            "tcp"
        option ports            "80,443"
        option direction        "in"
        option srchost          "192.168.8.8"

Not using direction:
config classify
        option target           "Bulk"
        option proto            "tcp"
        option ports            "80,443"
#       option direction        "in"
        option dsthost          "192.168.8.8"

config classify
        option target           "Bulk"
        option proto            "tcp"
        option ports            "80,443"
#       option direction        "in"
        option srchost          "192.168.8.8"

Trying stuff with ports:
config classify
        option target           "Bulk"
        option proto            "tcp"
        option dstports         "80,443"
#       option direction        "in"
        option dsthost          "192.168.8.8"

config classify
        option target           "Bulk"
        option proto            "tcp"
        option srcports         "80,443"
#       option direction        "in"
#       option srchost          "192.168.8.8"

From my understanding of where QoS "slots" into the filtering chain, it
should be able to see traffic originating from the WAN destined for a
specific host, right?
It shouldn't be this hard for me to match incoming HTTP traffic
specifically hitting my HTTP server.

What am I missing?

NB: When using dsthost/srchost, ip6tables tries to use the IPv4 address.
Someone kick me to file a bug when I get this working.
ip6tables v1.4.21: host/network `192.168.8.8' not found
Try `ip6tables -h' or 'ip6tables --help' for more information.
_______________________________________________
openwrt-users mailing list
[email protected]
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-users
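The ip6tables error at the end of the post comes from an IPv4 literal in a srchost/dsthost option being handed to the IPv6 rule set as well. The following is an added example, not code from the post or from the OpenWrt qos-scripts package: a small parser for the UCI classify stanzas quoted above (a constructed sample is embedded) plus a check that lists every srchost/dsthost value that is an IPv4 literal, which is exactly what ip6tables will reject. The section layout and option names are taken from the post; the `parse_uci` and `ipv6_incompatible_hosts` function names are my own.

```python
import ipaddress
import re

# Constructed sample, copied from the post's own stanzas: one rule with
# direction set, one with direction commented out, one with srcports.
SAMPLE_UCI = """\
config classify
        option target           "Bulk"
        option proto            "tcp"
        option ports            "80,443"
        option direction        "in"
        option dsthost          "192.168.8.8"

config classify
        option target           "Bulk"
        option proto            "tcp"
        option ports            "80,443"
#       option direction        "in"
        option srchost          "192.168.8.8"

config classify
        option target           "Bulk"
        option proto            "tcp"
        option srcports         "80,443"
"""

# "config <type> [name]" and "option <key> <value>" lines; quotes optional.
_SECTION = re.compile(r'^config\s+(\S+)(?:\s+[\'"]?([^\'"]+)[\'"]?)?\s*$')
_OPTION = re.compile(r'^option\s+(\S+)\s+[\'"]?([^\'"]*)[\'"]?\s*$')


def parse_uci(text):
    """Parse UCI text into a list of {'type', 'name', 'options'} dicts.

    Blank lines and '#' comments are skipped, so a commented-out
    'option direction' simply does not appear in the result.
    """
    sections = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        m = _SECTION.match(line)
        if m:
            sections.append({'type': m.group(1), 'name': m.group(2), 'options': {}})
            continue
        m = _OPTION.match(line)
        if m and sections:
            sections[-1]['options'][m.group(1)] = m.group(2)
    return sections


def ipv6_incompatible_hosts(sections):
    """Return (section_index, option, value) for every srchost/dsthost that
    is an IPv4 literal. ip6tables refuses such a host ("host/network ... not
    found"), so these rules can only be rendered for iptables (IPv4)."""
    bad = []
    for i, s in enumerate(sections):
        if s['type'] != 'classify':
            continue
        for key in ('srchost', 'dsthost'):
            val = s['options'].get(key)
            if val is None:
                continue
            try:
                net = ipaddress.ip_network(val, strict=False)
            except ValueError:
                continue  # a hostname, not a literal; the resolver decides
            if net.version == 4:
                bad.append((i, key, val))
    return bad


if __name__ == '__main__':
    rules = parse_uci(SAMPLE_UCI)
    for idx, key, val in ipv6_incompatible_hosts(rules):
        print(f'classify #{idx}: {key}={val} is IPv4-only; ip6tables will reject it')
```

Running the check before reloading QoS tells you which stanzas will fail under ip6tables; the obvious workaround while the bug is open is to keep host-specific rules IPv4-only and to write a separate rule with an IPv6 literal if the server also listens on v6.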