salam Apprentice
Joined: 29 Sep 2005 Posts: 227
Posted: Wed Jan 11, 2006 7:04 pm Post subject: iptables/ipmark target - any documentation, experience?
Hello.
In patch-o-matic I've found quite a good feature of iptables to mark connections by IP on larger networks. Sadly, I was unable to google any more detailed documentation on the marking procedure. There are 2 parameters described:
Quote:
--and-mask mask    Perform bitwise `and' on the IP address and this mask.
--or-mask mask     Perform bitwise `or' on the IP address and this mask.

and a short example:

Quote:
Earlier we had many rules just like below:
iptables -t mangle -A POSTROUTING -o eth3 -d 192.168.5.2 -j MARK --set-mark 0x10502
iptables -t mangle -A POSTROUTING -o eth3 -d 192.168.5.3 -j MARK --set-mark 0x10503
...
Using IPMARK target we can replace all the mangle/mark rules with only one:
iptables -t mangle -A POSTROUTING -o eth3 -j IPMARK --addr=dst --and-mask=0xffff --or-mask=0x10000
Do you have some experience with these and/or masks? How does the counting between IP and mark work?
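Added example, not part of either post and not taken from the patch-o-matic documentation: the quoted rules are consistent with mark = (address AND and-mask) OR or-mask, with the IPv4 address read as one 32-bit number, and the sketch below reproduces that arithmetic for the two destinations in the quote. The function name `ipmark` is hypothetical; it only calculates and never calls iptables.

```shell
#!/bin/sh
# Added example: reproduces the mark IPMARK would compute for one IPv4
# address. ipmark() is a hypothetical helper, it does not call iptables.
# Usage: ipmark ADDR AND_MASK OR_MASK   (masks in 0x... hex, as on the page)
ipmark() {
    addr=$1 and_mask=$2 or_mask=$3

    # Accept only digits and dots, and no more than three dots.
    case $addr in
        ''|*[!0-9.]*|*.*.*.*.*) echo "bad address: $addr" >&2; return 1 ;;
    esac
    for mask in "$and_mask" "$or_mask"; do
        case $mask in
            0x|0x*[!0-9a-fA-F]*) echo "bad mask: $mask" >&2; return 1 ;;
            0x*) ;;
            *) echo "bad mask: $mask" >&2; return 1 ;;
        esac
    done

    # Split the dotted quad into four positional parameters.
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || { echo "bad address: $addr" >&2; return 1; }

    # Fold the octets into one 32-bit number: 192.168.5.2 -> 0xc0a80502.
    ip=0
    for octet in "$@"; do
        case $octet in
            ''|0?*|????*) echo "bad octet: $octet" >&2; return 1 ;;
        esac
        [ "$octet" -le 255 ] || { echo "bad octet: $octet" >&2; return 1; }
        ip=$(( (ip << 8) | octet ))
    done

    # AND keeps the address bits selected by the mask, OR sets the fixed bits.
    printf '0x%x\n' $(( (ip & $and_mask) | $or_mask ))
}

# The two destinations from the quoted rules (constructed sample input).
for dst in 192.168.5.2 192.168.5.3; do
    printf '%s -> %s\n' "$dst" "$(ipmark "$dst" 0xffff 0x10000)"
done
```

With `--and-mask=0xffff` only the last two octets of the address survive, and `--or-mask=0x10000` sets the fixed prefix, which is why a single rule yields the same marks as the per-host `MARK --set-mark` rules.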
R!tman Veteran
Joined: 18 Dec 2003 Posts: 1303 Location: Zurich, Switzerland
Posted: Wed Jan 11, 2006 7:17 pm Post subject:
Hi, I have no experience with iptables, at least not much, but maybe this helps.