iptables action in tc(8) Linux iptables action in tc(8)

NAME
xt - tc iptables action
SYNOPSIS
tc ... action xt -j TARGET [ TARGET_OPTS ]
DESCRIPTION
The xt action allows calling arbitrary iptables targets for packets matching the filter this action is attached to.
OPTIONS
-j TARGET [ TARGET_OPTS ]
Perform a jump to the given iptables target, optionally passing any target specific options in TARGET_OPTS.
EXAMPLES
The following attaches a u32 filter to the ingress qdisc that matches ICMP replies and uses the xt action to make the kernel yell 'PONG' each time:
    tc qdisc add dev eth0 ingress
    tc filter add dev eth0 parent ffff: proto ip u32 \
        match ip protocol 1 0xff \
        match ip icmp_type 0 0xff \
        action xt -j LOG --log-prefix PONG
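To review what the rule above records, the following added example (not part of the man page) counts logged packets per source address. The LOG target writes the prefix immediately before `IN=` with no separator, so the parser accepts both `PONGIN=` and `PONG IN=`. The log lines are constructed samples in the usual LOG target layout, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: summarise kernel log lines written by
#   action xt -j LOG --log-prefix PONG
# Sample data below is constructed for illustration.

# sample_log prints constructed syslog lines (documentation addresses).
sample_log() {
    cat <<'EOF'
Mar  3 10:00:01 host kernel: PONGIN=eth0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=84 TOS=0x00 PREC=0x00 TTL=57 ID=4021 PROTO=ICMP TYPE=0 CODE=0 ID=77 SEQ=1
Mar  3 10:00:02 host kernel: PONG IN=eth0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=84 TOS=0x00 PREC=0x00 TTL=57 ID=4022 PROTO=ICMP TYPE=0 CODE=0 ID=77 SEQ=2
Mar  3 10:00:03 host kernel: PONGIN=eth0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:03:08:00 SRC=192.0.2.20 DST=198.51.100.5 LEN=84 TOS=0x00 PREC=0x00 TTL=60 ID=911 PROTO=ICMP TYPE=0 CODE=0 ID=12 SEQ=1
Mar  3 10:00:04 host kernel: DROP IN=eth0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:04:08:00 SRC=192.0.2.30 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=5 PROTO=TCP SPT=40000 DPT=23 SYN
EOF
}

# count_pong_by_src reads log lines on stdin and prints "COUNT SRC",
# highest count first. Lines from other LOG rules are ignored.
count_pong_by_src() {
    awk '
        /PONG ?IN=/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^SRC=/) n[substr($i, 5)]++
        }
        END { for (s in n) print n[s], s }
    ' | sort -k1,1nr -k2,2
}
```

On a live system, feed it the kernel log instead of the sample, for example `dmesg | count_pong_by_src`.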
SEE ALSO
tc(8), tc-u32(8), iptables-extensions(8)

iproute2 3 Mar 2016 iptables action in tc(8)
Firewall mark classifier in tc(8) Linux Firewall mark classifier in tc(8)

NAME
fw - fwmark traffic control filter
SYNOPSIS
tc filter ... fw [ classid CLASSID ] [ action ACTION_SPEC ]
DESCRIPTION
The fw filter classifies packets based on an fwmark previously set by iptables. If the fwmark is identical to the filter's handle, the filter matches. iptables can mark single packets with the MARK target, or whole connections using CONNMARK. The benefit of using this filter instead of doing the heavy lifting with tc itself is that, on one hand, it may be convenient to keep packet filtering and classification in one place, possibly having to match a packet just once, and on the other, users familiar with iptables but not tc will have an easier time adding QoS to their setups.
OPTIONS
classid CLASSID
Push matching packets to the class identified by CLASSID.
action ACTION_SPEC
Apply an action from the generic actions framework on matching packets.
EXAMPLES
Take e.g. the following tc filter statement:
    tc filter add ... handle 6 fw classid 1:1
It will match if the packet's fwmark value is 6. This is a sample iptables statement marking packets coming in on eth0:
    iptables -t mangle -A PREROUTING -i eth0 -j MARK --set-mark 6
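The two statements above, completed into an end-to-end setup as an added example (not part of the man page). The filter sits on the egress qdisc of the outgoing interface, because a mark set in netfilter is not yet on the packet when the ingress qdisc of the receiving interface runs. Assumptions: the egress interface eth1, the HTB class layout and rates, and the function names.

```shell
#!/bin/sh
# Added example: mark in iptables, classify in tc with the fw filter.
# Mark 6 and classid 1:1 follow the man page; everything else is assumed.
IN_DEV="${IN_DEV:-eth0}"     # packets arrive here and get marked
OUT_DEV="${OUT_DEV:-eth1}"   # packets leave here and get classified
MARK="${MARK:-6}"

# plan_fw_qos prints the commands, one per line, without running them,
# so the plan can be reviewed before anything touches the host.
plan_fw_qos() {
    # 1. Mark in netfilter. mangle/PREROUTING runs before routing, so the
    #    mark is on the packet when it reaches OUT_DEV's egress qdisc.
    echo "iptables -t mangle -A PREROUTING -i $IN_DEV -j MARK --set-mark $MARK"
    # 2. Classful root qdisc; anything unclassified falls into 1:2.
    echo "tc qdisc add dev $OUT_DEV root handle 1: htb default 2"
    echo "tc class add dev $OUT_DEV parent 1: classid 1:1 htb rate 1mbit"
    echo "tc class add dev $OUT_DEV parent 1: classid 1:2 htb rate 100mbit"
    # 3. fw filter: the handle must equal the fwmark for a match.
    echo "tc filter add dev $OUT_DEV parent 1: protocol ip handle $MARK fw classid 1:1"
}

# apply_fw_qos executes the plan as root and stops at the first failure.
apply_fw_qos() {
    plan_fw_qos | sh -e
}

# verify_fw_qos shows per-rule and per-class counters; both should grow
# together once marked traffic is flowing.
verify_fw_qos() {
    iptables -t mangle -L PREROUTING -v -n
    tc -s class show dev "$OUT_DEV"
}
```

If the iptables counter increases while class 1:1 stays at zero, the mark and the filter handle do not agree or the filter is attached to the wrong device.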
SEE ALSO
tc(8), iptables(8), iptables-extensions(8)

iproute2 21 Oct 2015 Firewall mark classifier in tc(8)