On Fri, 2 Feb 2001, Pavarani Giovanna wrote:

> Talking about DSCP field...
>
> iptables is said to provide all the features of ipchains and something more and
> better organized, but with ipchains I was able to set all the DSCP values
> in the TOS field, with iptables it seems this is no more possible, only few
> values are permitted.
>
> For example:
>
> iptables -t mangle -A PREROUTING -s 10.0.0.2 -j TOS --set-tos 0xb8
>
> gives me:
>
> iptables v1.1.2:Bad TOS value '0xb8'
>
> Am I doing something wrong?

Nope. Look into linux/ip.h as all the "legal" values are defined there and
maintained there.

I hacked on TOS to make the FTOS module available through the patch-o-matic.
FTOS will allow you to set any value between 0-255 into the DSCP field. But it
will not check if a value already exists. The syntax is:

iptables -t mangle -A PREROUTING -s 10.0.0.2 -j FTOS --set-ftos 0xab

If all you are looking to do is set the field to any value that will work -
also works in the POSTROUTING chain for outgoing.

Enjoy.

> Thank you
> Regards,
> Giovanna Pavarani
>
> > On Tue, Jan 23, 2001 at 01:59:00PM +0100, Tom Aernoudt wrote:
> > >
> > > Isn't it possible with iptables to filter on DSCP field?
> >
> > Why don't you ask this question on the iptables/netfilter mailing list?
> >
> > Anyway, answer is: No.
> >
> > Not because the framework isn't capable of that. Just because nobody
> > implemented a match yet.
> >
> > > Thanks,
> > > Tom Aernoudt

--------------------------------------------------
Matthew G. Marsh, President
Paktronix Systems LLC
1506 North 59th Street
Omaha NE 68104
Phone: (402) 932-7250
Email: mgm@xxxxxxxxxxxxx
WWW: http://www.paktronix.com
--------------------------------------------------
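An added example, not part of the original thread and not the FTOS patch's code: it shows why 0xb8 is not one of the legacy TOS constants in linux/ip.h although it is a valid DSCP encoding, and what an unconditional full-byte rewrite like the one described for FTOS involves on an IPv4 header, including the checksum update. The function names and the sample header are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Legacy TOS values defined in linux/ip.h. */
#define IPTOS_LOWDELAY    0x10
#define IPTOS_THROUGHPUT  0x08
#define IPTOS_RELIABILITY 0x04
#define IPTOS_MINCOST     0x02

/* Constructed IPv4 header: 10.0.0.2 -> 10.0.0.1, TOS 0, checksum not yet filled in. */
uint8_t sample_hdr[20] = { 0x45, 0x00, 0x00, 0x28, 0x00, 0x00, 0x00, 0x00,
                           0x40, 0x06, 0x00, 0x00, 10, 0, 0, 2, 10, 0, 0, 1 };

/* 1 if the value is 0 or one of the legacy TOS constants, else 0. */
int tos_is_legacy(uint8_t tos) {
    return tos == 0 || tos == IPTOS_LOWDELAY || tos == IPTOS_THROUGHPUT ||
           tos == IPTOS_RELIABILITY || tos == IPTOS_MINCOST;
}

/* DSCP occupies the upper six bits of the byte. */
uint8_t tos_to_dscp(uint8_t tos) { return tos >> 2; }

/* Internet checksum over the header; yields 0 when the stored checksum is valid. */
uint16_t ip_checksum(const uint8_t *hdr, size_t len) {
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += ((uint32_t)hdr[i] << 8) | hdr[i + 1];
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Overwrite the full TOS byte without looking at the old value, then
 * recompute the header checksum. Returns the old byte, or -1 if malformed. */
int set_tos(uint8_t *hdr, size_t len, uint8_t tos) {
    if (len < 20 || (hdr[0] >> 4) != 4) return -1;
    size_t hlen = (size_t)(hdr[0] & 0x0f) * 4;
    if (hlen < 20 || hlen > len) return -1;
    int old = hdr[1];
    hdr[1] = tos;
    hdr[10] = hdr[11] = 0;
    uint16_t c = ip_checksum(hdr, hlen);
    hdr[10] = (uint8_t)(c >> 8);
    hdr[11] = (uint8_t)(c & 0xff);
    return old;
}

int main(void) {
    printf("0xb8 legacy=%d dscp=%u\n", tos_is_legacy(0xb8), tos_to_dscp(0xb8));
    printf("old TOS=%d\n", set_tos(sample_hdr, sizeof sample_hdr, 0xb8));
    printf("TOS=0x%02x verify=%u\n", sample_hdr[1], ip_checksum(sample_hdr, 20));
    return 0;
}
```

Because the whole byte is replaced, the two low-order bits are overwritten together with the six DSCP bits, so a rule that sets the field this way discards whatever marking the packet carried before.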