Raghuvendra Kumar wrote:
Hi all,
> [...]
[root@scotch src]#tc filter add dev eth0 protocol ip u32 match ip dsfield 8 police drop
its showing error "Illegal "match".
Can any one of you guide me , what is the correct way of doing it.
Its imporatnt, Please post reply ASAP.
For instance:
tc qdisc add dev eth0 root handle 1: hfsc default 99
# (.. remaining classes / etc. ..)
tc filter add dev eth0 parent 1:0 protocol ip prio 1 u32 \
match ip dsfield 0x08 0xff action drop
Remember that mask is mandatory.
Also check out doc/actions directory for info about extended actions in
iproute tarball.
Out of curiosity - why not just:
iptables -A OUTPUT -o eth0 -p udp --sport 5060 -j DROP
... or with something like -j REJECT --reject-with icmp-port-unreachable,
depending on your needs. Assuming it's not just for testing purposes, and
you actually want to drop the traffic generated by your host from that
particular port.
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
