Match packet mark with --set-mark to ip rule fwmark

Linux Advanced Routing and Traffic Control

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

Here I am trying something simple.
My objective is to make ip rule fwmark command work :)

Network Diagram:
--- 192.168.250.197 (eth0) Linux Box (eth1) 192.168.8.88 -------------192.168.8.122 (eth0) Windows XP Client

Configuration done on Linux Box:-

(1) [root@g webauth]# iptables -t mangle -A PREROUTING -j MARK --set-mark 5
[root@g webauth]# iptables -t mangle -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
MARK       all  --  anywhere             anywhere           MARK set 0x5

(2) [root@g webauth]# ip rule add fwmark 5 table test2

[root@g webauth]# ip rule
0:      from all lookup local
32765:  from all fwmark        5 lookup test2
32766:  from all lookup main
32767:  from all lookup 253

(3) [root@g webauth]# ip ro show table test2
prohibit 192.168.8.122

I expect ping from 192.168.8.122 to 192.168.250.197 to be drop, BUT is is
successful. Why?
Did I miss out anything? Please advice.

Thank you
Kaiwen


[Index of Archives]     [LARTC Home Page]     [Netfilter]     [Netfilter Development]     [Network Development]     [Bugtraq]     [GCC Help]     [Yosemite News]     [Linux Kernel]     [Fedora Users]
  Powered by Linux