I have an interesting situation where I am queuing packets on a per-user
basis (sometimes a user has >1 ip assigned to them).
I'm also hoping to have some users get their port 80 traffic silently
redirected to a squid box to perform transparent caching.
Now I can easily add a rule like:
    ip rule add fwmark 123 table whatever.table
But considering that each user has a different fwmark, that wouldn't be a
great idea because one rule would be needed for each user.  iptables would
have to not only mark packets for the user with one fwmark, but it would
have to mark packets with a dport of 80 with another fwmark.
If the "ip rule" command could handle mask matching, it would easily make it
possible to re-route only users with a certain bit in their fwmark that is
toggled to on.  Also with a mask matching ability, one could add just one ip
rule instead of one ip rule per fwmark.
Can anyone add a mask matching ability to ip rule so that one could add a
rule like:
    ip rule add fwmark 255/128 table whatever.table
(matching any fwmark between 128 and 255)
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
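
The rule-count argument in the message above, modelled as an added example (not part of the original post and not iproute2 code). It assumes a `VALUE/MASK` rule matches when the mark and the value agree on every bit set in the mask, that bit 7 is the redirect flag, and that the low 7 bits carry the per-user mark; the users and opt-in set are constructed sample data.

```python
# Added example: a model of "ip rule ... fwmark VALUE/MASK" lookup, not real netlink code.
FULL_MASK = 0xFFFFFFFF   # fwmarks are 32-bit; an unmasked rule compares every bit
REDIRECT_BIT = 0x80      # assumption: bit 7 means "route via the squid table"
USER_BITS = 0x7F         # assumption: low 7 bits hold the per-user mark used for queuing

def rule_matches(mark, value, mask=FULL_MASK):
    """True when mark and value agree on every bit selected by mask."""
    return ((mark ^ value) & mask) == 0

def mark_packet(user_mark, dport, cached_users):
    """Model of the iptables side: per-user mark, plus the redirect bit on port 80."""
    mark = user_mark & USER_BITS
    if dport == 80 and user_mark in cached_users:
        mark |= REDIRECT_BIT
    return mark

def select_table(mark, rules, default="main"):
    """First matching (value, mask, table) rule wins, as in the ip rule list."""
    for value, mask, table in rules:
        if rule_matches(mark, value, mask):
            return table
    return default

def exact_rules(cached_users, table):
    """Without masks: one full-width rule per redirected user."""
    return [(u | REDIRECT_BIT, FULL_MASK, table) for u in sorted(cached_users)]

# Constructed sample data: five users, two of them opted in to caching.
USERS = [1, 2, 3, 4, 5]
CACHED = {2, 4}
MASKED_RULES = [(255, 128, "whatever.table")]        # fwmark 255/128 from the post
EXACT_RULES = exact_rules(CACHED, "whatever.table")  # grows with the user count

def decisions(rules):
    """Table chosen for every (user, dport) pair in the sample."""
    return {(u, p): select_table(mark_packet(u, p, CACHED), rules)
            for u in USERS for p in (22, 80)}

if __name__ == "__main__":
    assert decisions(MASKED_RULES) == decisions(EXACT_RULES)
    print(len(MASKED_RULES), "masked rule vs", len(EXACT_RULES), "exact rules")
    for (u, p), table in sorted(decisions(MASKED_RULES).items()):
        print(f"user {u} dport {p} -> {table}")
    # A mask of 128 tests bit 7 only, so a mark above 255 with that bit set matches too.
    print("mark 0x180 matches 255/128:", rule_matches(0x180, 255, 128))
```

Under these assumptions a mask of 128 selects on bit 7 alone, so the 128 to 255 range holds only while marks stay within 8 bits; the per-user value remains recoverable as `mark & 0x7F` for queuing.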