Hi,
My problem is the following now:
I would like to set the filters for port 8099.
I have tried it, but nothing happened.
When I try the same filter for the port 8080 it is working very well.
.) working filter (here I can see the dropped packages):
tc filter add dev eth0 parent ffff: protocol ip u32 match ip dport 8080 0xffff police rate 1kbit burst 1 drop flowid :1
.) not working filter (here I can't see the dropped packages):
tc filter add dev eth0 parent ffff: protocol ip u32 match ip dport 8099 0xffff police rate 1kbit burst 1 drop flowid :1
Maybe it is a problem of the port forwarding, because I have set the forwarding of the incoming traffic on 8099 to port 8080.
iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  anywhere             iacapp3.local       tcp dpt:8099 to:192.168.0.10:8080
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
So my goal is to restrict incoming access only to port 8099 and not 8080 (where the filters work)!
Gernot
-----Original Message-----
From: Andy Furniss [mailto:andy.furniss@xxxxxxxxxxxxx]
Sent: Tuesday, 19 April 2005 23:50
To: Grames Gernot
Cc: 'lartc@xxxxxxxxxxxxxxx'
Subject: Re: AW: AW: [LARTC] Activate ingress policies on suse enterprise server 9
Grames Gernot wrote:
>
> Good Morning,
>
> Thanks for your hint, now I can see the dropped packages!
> But it is only working for port 8080 why not for port 8099??
>
> (If you need some indices please let me know)
I don't know why it should work for 8080 and not 8099 - I don't think I
quite understand your setup and aims.
Andy.
_______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
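
The port-forwarding hypothesis raised in the thread, as an added example that is not part of the original messages: a Python model of the `u32 match ip dport PORT 0xffff` selector, which iproute2 encodes as a 16-bit compare at fixed byte offset 22 of the IP packet, applied to a packet before and after the DNAT rule shown above. It does not establish which form the ingress hook sees on a given kernel, and it goes beyond the thread by also covering a packet with IP options; the source address, the address used for iacapp3.local and all function names are constructed for illustration.

```python
import socket
import struct

def build_packet(dst_ip, dport, ip_options=b""):
    """Constructed IPv4+TCP SYN header; checksums stay 0 because u32 ignores them."""
    ihl = 5 + len(ip_options) // 4              # header length in 32-bit words
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + 20, 0, 0,
                     64, socket.IPPROTO_TCP, 0,
                     socket.inet_aton("192.168.0.50"),   # constructed client
                     socket.inet_aton(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
    return ip + ip_options + tcp

def u32_ip_dport(pkt, port, mask=0xFFFF):
    """Model of 'match ip dport PORT MASK': compare the u16 at offset 22."""
    (value,) = struct.unpack_from("!H", pkt, 22)
    return (value & mask) == (port & mask)

def dnat(pkt, new_dst, new_port):
    """Rewrite destination address and TCP port, as the PREROUTING rule does."""
    ihl_bytes = (pkt[0] & 0x0F) * 4
    out = bytearray(pkt)
    out[16:20] = socket.inet_aton(new_dst)
    struct.pack_into("!H", out, ihl_bytes + 2, new_port)
    return bytes(out)

def classify(pkt):
    """Which of the two filters from the thread would hit this packet."""
    return {port: u32_ip_dport(pkt, port) for port in (8080, 8099)}

# 192.168.0.20 stands in for iacapp3.local (assumption, not from the thread).
on_wire = build_packet("192.168.0.20", 8099)
after_dnat = dnat(on_wire, "192.168.0.10", 8080)
# Four NOP option bytes push the TCP header to offset 24.
with_options = build_packet("192.168.0.20", 8099, ip_options=b"\x01" * 4)

if __name__ == "__main__":
    for name, pkt in (("on the wire", on_wire), ("after DNAT", after_dnat),
                      ("with IP options", with_options)):
        print(f"{name:16} {classify(pkt)}")
```

If the classifier runs after the address rewrite, only the 8080 filter can ever hit; comparing the counters from `tc -s filter show dev eth0 parent ffff:` with those from `iptables -t nat -L -v -n` shows which case applies on a given box.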