> The traffic will be ingress on eth0.2, but it will be treated as
> egress on ifb0 device.
> Using ifb is a common scheme to overcome the above-mentioned limitation.

From the point of view of queueing/TC this is true; however, it will not pass through the netfilter hooks while going through the IFB, so iptables/conntrack will still have no chance to see it until after it's already egressed the qdisc attached to the IFB.