On Fri, 2006-06-23 at 01:17 +0300, Radu Oprisan wrote: > Torsten Luettgert wrote: > > On Thu, 2006-06-22 at 11:28 -0300, Luciano wrote: > > > Let me explain... > Due to the fact that vlan id's add some 4 bytes to the header of the > packet, tc filter does not work properly unless you feed it with an > offset and a hex match. I use 801.q and TC with iptables and tc filter > rules based on iptables mark with great success. I admit it is more > complicated this way, but it works... > > iptables -A FORWARD -t mangle -d xxx.xxx.xxx.xxx -j MARK --set-mark 12 > iptables -A FORWARD -t mangle -d xxx.xxx.xxx.xxx -j RETURN Oh, I see. Didn't ever think of those problems, because I never use tc filters. My setup would look like iptables -t mangle -A FORWARD -d x.y.z.t -j CLASSIFY --set-class 10:112 which removes a bit of the complexity. Regards, Torsten _______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
