Hi to all of you!!

On Wednesday 04 April 2007 01:55, Leigh Sharpe wrote:
> Hi All,
> I need to do some tricky filtering stuff. Can anyone tell me if any of
> the following are possible?

I am very newbie on this, but I think I get some idea of how this whole thing works, so I want to try to answer you this (if any of you think my answers are wrong, please, correct me!!! -and of course, if you have better ideas or if you know how to do this better, just answer to this thread, I guess Leigh and me will be glad to know about you)

>
> * match on a combination of firewall mark AND u32 criteria. ie. handle
> 6 fw AND u32 match ip src 1.2.3.4/32 - to match packets from 1.2.3.4
> which have been marked elsewhere

I guess that if you want to combine filters as a conjunction, you may have two classes (parent and child), and then redirect packets matching filter number one to parent, and from the parent, redirect packets matching filter number two to the child. Maybe something like this:

...
# the node where the traffic is classified
tc class add ... classid 1:1 ...
# just to keep first kind of traffic
tc class add ... parent 1:1 classid 1:10 ...
# handling traffic matching both criteria at the same time
tc class add ... parent 1:10 classid 1:100 ...
...
# "handle 6 fw"
tc filter add ... parent 1:1 flowid 1:10
# "u32 match ip src 1.2.3.4/32"
tc filter add ... parent 1:10 flowid 1:100

> OR
> * to OR the values of u32 matches. Something like u32 match ip src
> 1.2.3.4/32 OR match ip dst 1.2.3.4/32 - to match packets going to or
> from 1.2.3.4

If you are looking for a disjunction, you may have one class and two filters with same parent and flowid:

...
# the node where the traffic is classified
tc class add ... classid 1:1 ...
# handling traffic that comes or goes to 1.2.3.4
tc class add ... parent 1:1 classid 1:10 ...
...
# "u32 match ip src 1.2.3.4/32"
tc filter add ... parent 1:1 flowid 1:10
# "u32 match ip dst 1.2.3.4/32"
tc filter add ... parent 1:1 flowid 1:10

> OR
> * to use a mask on firewall marks as per iptables/ebtables MARK matches.

??? I need to pass this time :(

>
> Regards,
> Leigh
>
> Leigh Sharpe
> Network Systems Engineer
> Pacific Wireless
> Ph +61 3 9584 8966
> Mob 0408 009 502
> Helpdesk 1300 300 616
> email lsharpe@xxxxxxxxxxxxxxxxxxxxxx
> web www.pacificwireless.com.au

PS: please, sorry if my English confuses you, I know I still need to study very hard.

--
Alejandro Ramos Encinosa <alex@xxxxx>
Fac. Matemática Computación
Universidad de La Habana
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
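The two layouts sketched in the reply above, written out as complete commands in an added example that is not part of the original message. The interface name, the HTB qdisc, every rate, the default class 1:20 and the catch-all filter at the root (which hands packets to 1:1 so the filters attached there are consulted) are assumptions of this example; the mark, the address and the class ids 1:1, 1:10 and 1:100 come from the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed: interface name, HTB, all rates.
# Prints the commands by default; set APPLY=1 (as root) to execute them.
DEV="${DEV:-eth0}"     # assumed interface
HOST="1.2.3.4/32"      # address used in the thread
MARK=6                 # firewall mark used in the thread

run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# Shared skeleton: root qdisc, classifying node 1:1, default 1:20, class 1:10.
base() {
    run tc qdisc add dev "$DEV" root handle 1: htb default 20
    run tc class add dev "$DEV" parent 1: classid 1:1 htb rate 100mbit
    run tc class add dev "$DEV" parent 1:1 classid 1:20 htb rate 50mbit
    run tc class add dev "$DEV" parent 1:1 classid 1:10 htb rate 10mbit
    # Assumed catch-all: hand every IP packet to 1:1 so its filters are consulted.
    run tc filter add dev "$DEV" parent 1: protocol ip prio 1 \
        u32 match u32 0 0 flowid 1:1
}

# AND: the fw filter selects 1:10, then a u32 filter attached to 1:10 selects 1:100.
and_layout() {
    base
    run tc class add dev "$DEV" parent 1:10 classid 1:100 htb rate 5mbit
    run tc filter add dev "$DEV" parent 1:1 protocol ip prio 1 \
        handle "$MARK" fw flowid 1:10
    run tc filter add dev "$DEV" parent 1:10 protocol ip prio 1 \
        u32 match ip src "$HOST" flowid 1:100
}

# OR: two filters on the same parent point at the same class.
or_layout() {
    base
    run tc filter add dev "$DEV" parent 1:1 protocol ip prio 1 \
        u32 match ip src "$HOST" flowid 1:10
    run tc filter add dev "$DEV" parent 1:1 protocol ip prio 1 \
        u32 match ip dst "$HOST" flowid 1:10
}

case "${1:-}" in
    and) and_layout ;;
    or)  or_layout ;;
esac
```

Run it with `and` or `or` as the first argument to review the generated commands before applying them with `APPLY=1`.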