|
 |
049c96 |
From c2d169ccc97a4eca2755b9e54977634654277798 Mon Sep 17 00:00:00 2001
|
|
|
049c96 |
From: Phil Sutter <psutter@redhat.com>
|
|
|
049c96 |
Date: Thu, 18 Feb 2016 15:45:21 +0100
|
|
|
049c96 |
Subject: [PATCH] tc: add a man page for fw filter
|
|
|
049c96 |
|
|
|
049c96 |
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1286711
|
|
|
049c96 |
Upstream Status: iproute2.git commit 49891ba177283
|
|
|
049c96 |
|
|
|
049c96 |
commit 49891ba177283d3bece364c50e7c9909e2b733b5
|
|
|
049c96 |
Author: Phil Sutter <phil@nwl.cc>
|
|
|
049c96 |
Date: Fri Oct 23 19:47:12 2015 +0200
|
|
|
049c96 |
|
|
|
049c96 |
tc: add a man page for fw filter
|
|
|
049c96 |
|
|
|
049c96 |
Cc: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
|
|
|
049c96 |
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
|
|
049c96 |
---
|
|
|
049c96 |
man/man8/tc-fw.8 | 66 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
|
049c96 |
1 file changed, 66 insertions(+)
|
|
|
049c96 |
create mode 100644 man/man8/tc-fw.8
|
|
|
049c96 |
|
|
|
049c96 |
diff --git a/man/man8/tc-fw.8 b/man/man8/tc-fw.8
|
|
|
049c96 |
new file mode 100644
|
|
|
049c96 |
index 0000000..d742b47
|
|
|
049c96 |
--- /dev/null
|
|
|
049c96 |
+++ b/man/man8/tc-fw.8
|
|
|
049c96 |
@@ -0,0 +1,66 @@
|
|
|
049c96 |
+.TH "Firewall mark classifier in tc" 8 "21 Oct 2015" "iproute2" "Linux"
|
|
|
049c96 |
+
|
|
|
049c96 |
+.SH NAME
|
|
|
049c96 |
+fw \- fwmark traffic control filter
|
|
|
049c96 |
+.SH SYNOPSIS
|
|
|
049c96 |
+.in +8
|
|
|
049c96 |
+.ti -8
|
|
|
049c96 |
+.BR tc " " filter " ... " fw " [ " classid
|
|
|
049c96 |
+.IR CLASSID " ] [ "
|
|
|
049c96 |
+.B action
|
|
|
049c96 |
+.IR ACTION_SPEC " ]"
|
|
|
049c96 |
+.SH DESCRIPTION
|
|
|
049c96 |
+the
|
|
|
049c96 |
+.B fw
|
|
|
049c96 |
+filter allows to classify packets based on a previously set
|
|
|
049c96 |
+.BR fwmark " by " iptables .
|
|
|
049c96 |
+If it is identical to the filter's
|
|
|
049c96 |
+.BR handle ,
|
|
|
049c96 |
+the filter matches.
|
|
|
049c96 |
+.B iptables
|
|
|
049c96 |
+allows to mark single packets with the
|
|
|
049c96 |
+.B MARK
|
|
|
049c96 |
+target, or whole connections using
|
|
|
049c96 |
+.BR CONNMARK .
|
|
|
049c96 |
+The benefit of using this filter instead of doing the
|
|
|
049c96 |
+heavy-lifting with
|
|
|
049c96 |
+.B tc
|
|
|
049c96 |
+itself is that on one hand it might be convenient to keep packet filtering and
|
|
|
049c96 |
+classification in one place, possibly having to match a packet just once, and on
|
|
|
049c96 |
+the other users familiar with
|
|
|
049c96 |
+.BR iptables " but not " tc
|
|
|
049c96 |
+will have a less hard time adding QoS to their setups.
|
|
|
049c96 |
+.SH OPTIONS
|
|
|
049c96 |
+.TP
|
|
|
049c96 |
+.BI classid " CLASSID"
|
|
|
049c96 |
+Push matching packets to the class identified by
|
|
|
049c96 |
+.IR CLASSID .
|
|
|
049c96 |
+.TP
|
|
|
049c96 |
+.BI action " ACTION_SPEC"
|
|
|
049c96 |
+Apply an action from the generic actions framework on matching packets.
|
|
|
049c96 |
+.SH EXAMPLES
|
|
|
049c96 |
+Take e.g. the following tc filter statement:
|
|
|
049c96 |
+
|
|
|
049c96 |
+.RS
|
|
|
049c96 |
+.EX
|
|
|
049c96 |
+tc filter add ... handle 6 fw classid 1:1
|
|
|
049c96 |
+.EE
|
|
|
049c96 |
+.RE
|
|
|
049c96 |
+
|
|
|
049c96 |
+will match if the packet's
|
|
|
049c96 |
+.B fwmark
|
|
|
049c96 |
+value is
|
|
|
049c96 |
+.BR 6 .
|
|
|
049c96 |
+This is a sample
|
|
|
049c96 |
+.B iptables
|
|
|
049c96 |
+statement marking packets coming in on eth0:
|
|
|
049c96 |
+
|
|
|
049c96 |
+.RS
|
|
|
049c96 |
+.EX
|
|
|
049c96 |
+iptables -t mangle -A PREROUTING -i eth0 -j MARK --set-mark 6
|
|
|
049c96 |
+.EE
|
|
|
049c96 |
+.RE
|
|
|
049c96 |
+.SH SEE ALSO
|
|
|
049c96 |
+.BR tc (8),
|
|
|
049c96 |
+.BR iptables (8),
|
|
|
049c96 |
+.BR iptables-extensions (8)
|
|
|
049c96 |
--
|
|
|
049c96 |
1.8.3.1
|
|
|
049c96 |
|