Re: Marking ftp inbound traffic is impossible ?

Linux Advanced Routing and Traffic Control


ngo giang wrote:
Hello,
I searched the archives of the LARTC mailing list. Everyone discussed marking outbound ftp
traffic. I could not find any thread that discussed marking inbound ftp traffic.
With inbound ftp traffic, we don't know the random ports specified by ftp servers in passive mode?
So marking inbound ftp traffic is impossible?
If it is possible, can you tell me,
Thanks in advance,
nhgiang

Use CONNMARK and owner match. For example, to mark incoming and outgoing packets of vsftpd with fwmark 12 use the following ...


iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark
iptables -t mangle -A OUTPUT -m owner --cmd-owner vsftpd -j MARK --set-mark 12
iptables -t mangle -A OUTPUT -j CONNMARK --save-mark

_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
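
An added example, not part of the original reply: a POSIX shell function that prints the reply's three OUTPUT rules plus a PREROUTING --restore-mark rule, which copies the saved connection mark onto packets arriving from the network (the OUTPUT chain only sees locally generated packets). The function names, the dry-run default and the APPLY variable are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post.
# Dry run by default: rules are printed. Set APPLY=1 (as root) to install them.

# emit CMD...: print the command; execute it only when APPLY=1.
emit() {
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

# ftp_mark_rules MARK OWNER_MATCH...
#   MARK         numeric fwmark (12 in the post)
#   OWNER_MATCH  arguments to "-m owner" (the post uses: --cmd-owner vsftpd;
#                another owner option such as --uid-owner can be passed instead)
ftp_mark_rules() {
    mark=$1
    case $mark in
        ''|*[!0-9]*) echo "bad mark: $mark" >&2; return 1 ;;
    esac
    shift
    [ $# -gt 0 ] || { echo "missing owner match" >&2; return 1; }

    # Locally generated packets (the three rules from the post):
    # 1. reuse a mark already stored on the connection,
    # 2. mark packets sent by the FTP daemon, on whatever port it uses,
    # 3. store the packet mark on the connection tracking entry.
    emit iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark &&
    emit iptables -t mangle -A OUTPUT -m owner "$@" -j MARK --set-mark "$mark" &&
    emit iptables -t mangle -A OUTPUT -j CONNMARK --save-mark &&
    # Inbound packets: copy the connection's stored mark onto each packet,
    # so passive-mode data connections are marked without knowing the port.
    emit iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
}

# Stand-alone use: sh ftp-mark.sh 12 --cmd-owner vsftpd
[ $# -eq 0 ] || ftp_mark_rules "$@"
```
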
