[rlug] Re: tc filter fw si port

[Secure-Systems(.ro) Lists]

Catalin(ux aka Dino) BOIE wrote:

>>>Ce vrei sa spui cu "nu se poate scoate filtrul dupa ce l-ai pus"?
>>>Nu merge tc qdisc del dev eth0 root?
>>>Da-mi un exemplu, te rog.
>>>
>>>      
>>>
>>Scuze de reply-ul tarziu...
>>    
>>
>Nici o problema.
>
>  
>
>>o sa iau si eu 2.6.10 sa vad ce si cum se patch-uieste... intre timp...
>>la tc filter del dev eth1....... zice ca error communicating with kernel
>>sau ceva de genu
>>    
>>
>
>Poti sa-mi dai un exemplu complet, te rog?
>Mersi!
>
>  
>
>>Salutam,
>>Radu Oprisan
>>
>>---
>>Detalii despre listele noastre de mail: http://www.lug.ro/
>>
>>
>>    
>>
>
>---
>Catalin(ux aka Dino) BOIE
>catab at deuroconsult.ro
>http://kernel.umbrella.ro/
>
>--- 
>Detalii despre listele noastre de mail: http://www.lug.ro/
>
>
>
>  
>
#!/bin/sh

#a se seta markul final de extern = 99
#a se seta markul final de intern = 98

iptables -t mangle -F
#markul de intern
for a in $(cat /root/metro.routes)
do
    iptables -A FORWARD -i eth0 -t mangle -s $a -d 0/0 -j MARK --set-mark 98
    iptables -A FORWARD -i eth0 -t mangle -s $a -d 0/0 -j RETURN
done
#markul de extern
iptables -A FORWARD -i eth0 -t mangle -s 0/0 -d 0/0 -j MARK --set-mark 99

tc qdisc del dev eth1 root
tc qdisc add dev eth1 root handle 10: htb r2q 2
tc class add dev eth1 parent 10:0 classid 10:1 htb rate 100Mbit ceil 
100Mbit quantum 90

tc class add dev eth1 parent 10:1 classid 10:10 htb rate 2048kbit ceil 
2048kbit


tc class add dev eth1 parent 10:10 classid 10:101 htb rate 16kbit ceil 
128kbit
tc qdisc add dev eth1 parent 10:101 handle 101 sfq perturb 10

tc filter add dev eth1 protocol ip parent 10:0 prio 5 u32 \
match mark 0x62 \
flowid 10:101


--- 
Detalii despre listele noastre de mail: http://www.lug.ro/