VYRIESENE Re: [linux] iptables + DSCP
Ernest Beinrohr
Ernest na Beinrohr.sk
Pondělí Květen 12 11:14:07 CEST 2003
M.F. PSIkappa wrote:
>Zdravim,
>trosku malo info ale co uz...
>musis mat iptables minimalne 1.2.6a a musis spustit patch-o-matic aby si
>mal DSCP match and target.
>
>dscp
>This module matches the 6 bit DSCP field within the TOS field in the IP
>header. DSCP has superseded TOS within the IETF.
>--dscp value
>Match against a numeric (decimal or hex) value [0-32].
>--dscp-class DiffServ Class
>Match the DiffServ class. This value may be any of the BE, EF, AFxx or CSx
>classes. It will then be converted into it's according numeric value.
>
>Skus presne popisat co a ako robis a ake chyby to vypisuje. Popripade skus
>nacrtnut nejaku ideu, co od toho vlastne chces..
>
>
>
Uz som to vyspekuloval. Pouzivam totiz ako fw shorewall a tak som si
spravil skriptik, co vytvori nove chainy a vlozi tam tie sledovania, co
potrebujem.
spravil som to takto:
iptables -N account
iptables -I {INPUT,OUTPUT, FORWARD} -j account
a taketo pravidla som tam pridal.
iptables -A account -i eth0 -m dscp --dscp 0xAB
...
cely ten skript je v /etc/shorewall/start
--
Ernest Beinrohr, OERNii
eAdmin @ AxonPro.sk, http://www.AxonPro.sk
+421-2-62410360, +421-903-482603
HomePage: http://www.OERNii.sk/
-----
"Be liberal in what you accept,and conservative in what you send."
-- Postel
Další informace o konferenci linux