ip-full package has been installed
ip rule add sport 38123 dport 34000 table 108 pref 108
ip rule list pref 108
108: from all lookup 108
ip-full package has been installed
ip rule add sport 38123 dport 34000 table 108 pref 108
ip rule list pref 108
108: from all lookup 108
There are no sport
and dport
options for IP rule. You'll need to resort to an fwmark
match together with an accompanying iptables rule which tags the traffic with a given fwmark, depending on the source and dest port.
ip rule { add | del } SELECTOR ACTION
...
SELECTOR := ... [ sport [ NUMBER | NUMBER - NUMBER ] ] [ dport [ NUMBER | NUMBER - NUMBER ] ]
Sorry, my fault then. At least with iproute2 4.14.1
on debian, SELECTOR := [ not ] [ from PREFIX ] [ to PREFIX ] [ tos TOS ] [ fwmark FWMARK[/MASK] ]
in both help an man page outputs.
Also, the underlying FRA_SPORT_RANGE
and FRA_DPORT_RANGE
netlink attributes are only supported with kernel 4.17 and later.
Thanks. so the problem is, the iproute2 package (4.18.0) has port match support already, but the current kernel has not supported yet.
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.