Displaying 20 results from an estimated 10000 matches similar to: "match ip dst works, match ip dport doesn't."
2009 Oct 08
3
[Bug 612] New: conntrack returns src, dst, dport and sport all zeroed
http://bugzilla.netfilter.org/show_bug.cgi?id=612
Summary: conntrack returns src, dst, dport and sport all zeroed
Product: libnfnetlink
Version: unspecified
Platform: i386
OS/Version: other
Status: NEW
Severity: major
Priority: P1
Component: libnfnetlink
AssignedTo: laforge at netfilter.org
2017 Nov 13
2
[Bug 1202] New: Cannot match on both dport and sport in one nftables rule
https://bugzilla.netfilter.org/show_bug.cgi?id=1202
Bug ID: 1202
Summary: Cannot match on both dport and sport in one nftables
rule
Product: nftables
Version: unspecified
Hardware: x86_64
OS: Debian GNU/Linux
Status: NEW
Severity: normal
Priority: P5
Component: nft
2007 Dec 06
3
HTB performance improvement
Hi all !
I'm looking at the performance of the HTB algorithm/implementation because I would like more packets/sec !!
This is the scenario of the performance test:
I'm using an embedded system with:
SPEED CPU: 399,999 MHz
RAM: 128 MByte
FLASH: 16 MByte
EEPROM: 8Kbyte
PROCESSOR MPC8272
a lan to lan 10/100 and in particular we are sending
2004 Jul 09
3
tc filter + bridging + htb -- works only if ip_forward = 0
I thought that the below email would be of interest to LARTC readers. I
wasted quite a bit of time tracking down this "feature" (bug?). Any
comments that shed light on this would be appreciated. In short, "tc
filter" + htb + bridging works only with ip_forward off.
Andrew Athan
-----------------------------------------------------------------------
All:
It seems that
2003 Jun 12
11
htb problem
Hi,
I have some interesting problem with htb , I set up root class and
sub-classess:
$TC qdisc add dev eth0 root handle 1: htb
$TC class add dev eth0 parent 1: classid 1:1 htb rate 1990kbit ceil 2000kbit
$TC class add dev eth0 parent 1:1 classid 1:10 htb rate 190kbit ceil 200kbit
$TC class add dev eth0 parent 1:1 classid 1:11 htb rate 1400kbit ceil
1600kbit
$TC class add dev eth0 parent 1:1
2011 Mar 09
0
how to only allow tcp on dport 443 on the OUTPUT chain?
it's a normal desktop machines iptables firewall:
If i want to block udp on dport 80 on the output chain, then is this enough? i want to only allow tcp on it!
iptables -P OUTPUT DROP
iptables -A OUTPUT -o $PUBIF --dport 80 -j ACCEPT
or i need this rule?
iptables -P OUTPUT DROP
iptables -A OUTPUT -o $PUBIF -p tcp --dport 80 -j ACCEPT
the second one is the good one?
2006 Aug 21
1
tc filter don't match packets
Hi,
I have problem with this simple script:
#!/bin/bash
if [ "$1" == "del" ]; then
tc qdisc del dev eth0 root handle 1: htb default 10
exit
fi
tc qdisc add dev eth0 root handle 1: htb default 10
tc class add dev eth0 parent 1: classid 1:1 htb rate 800kbit ceil 900kbit
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 300kbit ceil 600kbit
tc class add dev eth0 parent 1:1
2002 Jun 18
7
Better filtering to a class
Dear all,
I want to make a filter for all IRC-Dalnet traffic, so I want to put all
traffic for port 6660, 6661, 6662, 6663, 6664, 6665, 6666, 6667, 6668, 6669,
7000, 7001, 7002, and 8000 to a class. So, I create a TC script as below.
I'm sure it is not effective, and we can write it more simply.
I need help with how to make my script below simpler.
The simpler, the better.
Thank you
2005 Apr 22
1
Re: tc filter - based on iptables - MAC - MARK not working - although marking on ip src, dst address works
Reading along the Net it seems that MAC marking is not
working with egress HTB (because iptables marks
packages based on --mac-source ). So my only choice is
using ingress or u32.
So this is how I did it:
I called the script below add_shaping
DEV="eth0"
tc qdisc add dev $DEV root handle 1: htb default 20
tc class add dev $DEV parent 1: classid 1:1 htb rate
200kbps ceil 200kbps
tc class
2004 Nov 26
4
HTB dropping packets while tokens available?
Hi again,
I just ran into a seriously strange glitch, and was wondering if anybody
had experienced this...
I have an HTB class with an iptables classifier. The iptables
classifier shows packets hitting the rule for this class.
Now, HTB drops these packets ('dropped' increases), even though the
packets are small, and there are over 10000 tokens available.
Is there any
2007 May 02
7
tc u32 match !port
How can I redirect all traffic that does not come from port 80 to a flow?
I was thinking about something like
tc filter add dev imq1 parent 1: protocol ip prio 7 u32 match ip sport
!80 ......
But this does not work.
Another doubt: if I have two rules that intersect, for example,
one filter with u32 match ip src 10.10.10.10 flowid 1:10
and other with u32 match sport 80 0xffff flowid 1:11, which one will
2005 Apr 19
7
tc filter - based on iptables - MAC - MARK not working - although marking on ip src, dst address works
=== tc filter - based on iptables - MAC fw marking not
working ==
DEV="eth1"
tc qdisc add dev $DEV root handle 1: htb default 20
tc class add dev $DEV parent 1: classid 1:1 htb rate
600kbps ceil 3276800kbit
tc class add dev $DEV parent 1:1 classid 1:15 htb rate
3kbps prio 4
tc class add dev $DEV parent 1:1 classid 1:20 htb rate
500kbps prio 3
tc qdisc add dev $DEV parent 1:15 handle
2002 Sep 06
1
Examples from HTB home page...
... do not work anymore. Anybody with a hint? I've got a fully
functional HTB setup and just wanted to replace the kernel from 2.4.17
to 2.4.19. In the end the modified tc binary doesn't recognize "tc
filter add" (yet it does accept qdisc show and recognizes htb...)
I've downloaded the 2.4.19 from kernel.org, iproute2 (2.4.7),
installed the patches
2005 Dec 16
2
tc filter match u8 problem??
Hi All
Can someone tell me what I am doing wrong?
This was supposed to catch ICMP type 8. Why does 'match u8' not work?
# tc filter add dev eth0 protocol ip parent 1: prio 2 \
u32 \
match u16 0x0800 0xffff at -2 \
match u8 8 0xff at 20 \
flowid 1:5
Illegal "match"
#
# tc filter add dev eth0 protocol ip parent 1: prio 2 \
u32 \
match
2002 May 23
3
ConnBytes iptables match
Hi,
as I promised on the LARTC list, I created a patch for a new connbytes
match. It matches packets which belong to a connection which
transferred a given range of bytes.
For those interested it is at
http://luxik.cdi.cz/~devik/connbytes/
It was originally meant to be used with HTB or another qdisc to
reclassify long download streams to a lower prio class.
devik
2006 Dec 26
1
Curious situation of htb
Dear all,
I'm now developing the qos mechanism on my machine. I have read the
documents of both the web site "HTB Home" and "lartc.org". But it confuses
me that what is the accurate definition of the argument "rate"?
It seems to be "the minimum rate which is guaranteed for a class" in the
user guide of HTB Home, but in the manpage of lartc.org
2004 Mar 22
2
tcng TCP ACK match
Hello.
I have been trying to duplicate these u32 matching rules using TCNG, but
without much success:
tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32\
match ip protocol 6 0xff \
match u8 0x05 0x0f at 0 \
match u16 0x0000 0xffc0 at 2 \
match u8 0x10 0xff at 33 \
flowid 1:10
Wondershaper 1.1a implements this and if I run it things seem to be shaped as
expected. But this TCNG
2004 Nov 22
0
Testing if tc works as configured and shaping rtp traffic
Hi,
I have implemented qos at my gateway, mostly for speeding up dns and
[video,voice] chat traffic and to slow down p2p traffic. It seems every
thing is working properly, as by browsing speed has been improved. But I
want to test it by sending various traffic and to see through which
qdisc the traffic flows, so that I can be certain that it is working
the way I want it to work.
The rules
2014 Feb 02
0
[Bug 892] New: ip6tables --match policy needs to accept IPv4 addresses for --tunnel-src and --tunnel-dst
https://bugzilla.netfilter.org/show_bug.cgi?id=892
Summary: ip6tables --match policy needs to accept IPv4
addresses for --tunnel-src and --tunnel-dst
Product: iptables
Version: 1.4.x
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P5
Component: ip6tables
2004 Nov 19
3
mixing u32 and fwmark
Hi!
There is one thing I can't do. In my country we have to pay for
"foreign" internet. Local internet is cheap and fast, but foreign is
slow and expensive. So I want to do the following:
mark every packet with iptables, where --set-mark 1 for foreign
internet, but --set-mark 2 for local internet
next when I got all traffic marking, I need to assign traffic to users
so I make