proxmox-mirrors/mirror_iproute2
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_iproute2 synced 2025-11-04 12:09:07 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
d19f72f789
mirror_iproute2/man/man8/tc-fw.8
Phil Sutter 49891ba177 tc: add a man page for fw filter 
Cc: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
Signed-off-by: Phil Sutter <phil@nwl.cc>
2015-10-23 15:37:26 -07:00

67 lines
1.4 KiB
Groff
Raw Blame History

.TH "Firewall mark classifier in tc" 8 "21 Oct 2015" "iproute2" "Linux"
.SH NAME
fw \- fwmark traffic control filter
.SH SYNOPSIS
.in +8
.ti -8
.BR tc " " filter " ... " fw " [ " classid
.IR CLASSID " ] [ "
.B action
.IR ACTION_SPEC " ]"
.SH DESCRIPTION
the
.B fw
filter allows to classify packets based on a previously set
.BR fwmark " by " iptables .
If it is identical to the filter's
.BR handle ,
the filter matches.
.B iptables
allows to mark single packets with the
.B MARK
target, or whole connections using
.BR CONNMARK .
The benefit of using this filter instead of doing the
heavy-lifting with
.B tc
itself is that on one hand it might be convenient to keep packet filtering and
classification in one place, possibly having to match a packet just once, and on
the other users familiar with
.BR iptables " but not " tc
will have a less hard time adding QoS to their setups.
.SH OPTIONS
.TP
.BI classid " CLASSID"
Push matching packets to the class identified by
.IR CLASSID .
.TP
.BI action " ACTION_SPEC"
Apply an action from the generic actions framework on matching packets.
.SH EXAMPLES
Take e.g. the following tc filter statement:
.RS
.EX
tc filter add ... handle 6 fw classid 1:1
.EE
.RE
will match if the packet's
.B fwmark
value is
.BR 6 .
This is a sample
.B iptables
statement marking packets coming in on eth0:
.RS
.EX
iptables -t mangle -A PREROUTING -i eth0 -j MARK --set-mark 6
.EE
.RE
.SH SEE ALSO
.BR tc (8),
.BR iptables (8),
.BR iptables-extensions (8)
Reference in New Issue View Git Blame Copy Permalink