Hi, I've been trying to write a tc filter to classify ipv6 traffic based on firewall marks. However, I've discovered that what works well for IPv4 does not work at all for IPv6. Has anyone else been able to get tc filter working for IPv6 firewall marks? Below is a script that illustrates what I'm trying to do, and how I'm testing it. Ideas, and your experiences greatly appreciated. Thanks, Russell #!/bin/bash dev=enp0s25 # clean start iptables -t mangle -F ip6tables -t mangle -F tc qdisc del dev ${dev} root # packet marking iptables -t mangle -I POSTROUTING -d 255.255.255.255 -j MARK --set-mark 1 ip6tables -t mangle -I POSTROUTING -d fe80::1/64 -j MARK --set-mark 1 # qdisc setup and filtering tc qdisc add dev ${dev} root handle 9: htb default 2 tc class add dev ${dev} parent 9: classid 9:1 htb rate 10Mbit tc class add dev ${dev} parent 9: classid 9:2 htb rate 10Mbit tc filter add dev ${dev} protocol all pref 1 handle 1 fw flowid 9:1 # watch results with: # watch tc -s class show dev ${dev} # watch iptables -L -v -n -t mangle # watch ip6tables -L -v -n -t mangle # stimulate with: # ping -b 255.255.255.255 -I ${dev} # ping6 fe80::1%${dev} # Observations: # IPv4 is correctly placed in classid 9:1 # IPv6 is incorrectly placed in 9:2 !!! It should have been placed in 9:1 # The following command shows the IPv6 packets are correctly marked: # ip6tables -L -v -n -t mangle -- To unsubscribe from this list: send the line "unsubscribe lartc" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html