How to use the --set-mark mechanism to limit access


 



Hi!
     I am doing a small project about a firewall in Linux in which I will use the --set-mark mechanism to limit access. For example, the users of LAN 1 can access Server 1 and can't access Server 2 through the --set-mark mechanism; the users of LAN 2 can access
Server 2 and can't access Server 1. I'm going to use the netfilter/iptables framework.
The data packets from LAN 1 will be set to mark 1 and the data packets from LAN 2 will
be set to mark 2 in the PREROUTING chain in the mangle table. My problem is where to match
the data packets. In the POSTROUTING chain? Do I need to register functions in the Netfilter framework? Do I need to use iproute2? And which one is the best?
 
 I hope I could explain my point well.
 I will really appreciate any help.
 Thanks. 
 
 Sincerely,
 chewhai

        chhj@xxxxxxxxxxx
          2006-03-20
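
Added example, not part of the original post: one way to express the policy described above with stock iptables, marking in mangle PREROUTING and matching the mark in filter FORWARD with `-m mark`. The network and server addresses and the function names `emit_rules` and `allowed_dests` are constructed assumptions.

```shell
#!/bin/sh
# Constructed addressing (assumption); substitute the real networks and servers.
LAN1_NET="192.168.1.0/24"
LAN2_NET="192.168.2.0/24"
SERVER1="192.168.10.1"
SERVER2="192.168.10.2"

# Print the ruleset in iptables-restore format.
# The mark set in mangle PREROUTING stays attached to the packet inside the
# kernel, so the filter table's FORWARD chain can match it on a routing firewall.
# The mark is not carried on the wire, so replies from the servers arrive
# unmarked; the conntrack rule lets them back through the default-drop policy.
emit_rules() {
cat <<EOF
*mangle
:PREROUTING ACCEPT [0:0]
-A PREROUTING -s $LAN1_NET -j MARK --set-mark 1
-A PREROUTING -s $LAN2_NET -j MARK --set-mark 2
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m mark --mark 1 -d $SERVER1 -j ACCEPT
-A FORWARD -m mark --mark 2 -d $SERVER2 -j ACCEPT
COMMIT
EOF
}

# Audit helper: list the destinations the FORWARD rules allow for a given mark.
allowed_dests() {
    emit_rules | awk -v m="$1" '
        $1 == "-A" && $2 == "FORWARD" {
            hit = 0; dst = ""
            for (i = 3; i < NF; i++) {
                if ($i == "--mark" && $(i + 1) == m) hit = 1
                if ($i == "-d") dst = $(i + 1)
            }
            if (hit && dst != "") print dst
        }'
}

# Print the ruleset; to syntax-check it as root without committing:
#   emit_rules | iptables-restore --test
emit_rules
```

With this layout no custom Netfilter hook or iproute2 rule is involved; the mark is consumed entirely by the `mark` match in the filter table.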


