Marking support
bbruns@gmail.com
parent
f21a1de6eb
commit
486594fdd0
|
|
@ -1,3 +1,7 @@
|
|||
0.9.7 - Brielle Bruns <bruns@2mbit.com>
|
||||
- Support for marking packets, uses new config file and
|
||||
IPv4_MARK file option
|
||||
|
||||
0.9.6 - Brielle Bruns <bruns@2mbit.com>
|
||||
- Minor changes to procedures in planning of 1.0
|
||||
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@
|
|||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
FW_VERSION="0.9.6"
|
||||
FW_VERSION="0.9.7"
|
||||
|
||||
# These option is here to help pre-1.0 users easily upgrade, defines critical defaults
|
||||
# that would otherwise require remaking their options file. I leave this on by default,
|
||||
|
|
@ -354,6 +354,38 @@ if [ $LANDHCPSERVER ]; then
|
|||
|
||||
fi
|
||||
|
||||
if [ -s "$BASEDIR/include/ipv4_custom_mark" ]; then
|
||||
display_c YELLOW "Loading custom mark rules..."
|
||||
. "$BASEDIR/include/ipv4_custom_mark"
|
||||
fi
|
||||
|
||||
if [ -r "$IPv4_MARK" ]; then
|
||||
display_c YELLOW "Adding mark: "
|
||||
for i in `grep -v "\#" $IPv4_MARK`; do
|
||||
MARK=( ${i//:/ } )
|
||||
INIF=${MARK[0]}
|
||||
INIP=${MARK[1]}
|
||||
DSTIP=${MARK[2]}
|
||||
IPMARK=${MARK[3]}
|
||||
|
||||
case $INIP in
|
||||
!*) INNEG="!"
|
||||
INIP=${INIP#\!};;
|
||||
esac
|
||||
case $DSTIP in
|
||||
!*) DSTNEG="!"
|
||||
DSTIP=${DSTIP#\!};;
|
||||
esac
|
||||
|
||||
$IPTABLES -t mangle -A PREROUTING -i ${INIF} ${INNEG} -s ${INIP} \
|
||||
${DSTNEG} -d ${DSTIP} -j MARK --set-mark=${IPMARK}
|
||||
display_c DEFAULT "\t${GREEN}${INNEG}${INIF}:${PURPLE}${INIP}${AQUA}->${BLUE}${DSTNEG}${DSTIP}:${RED}${IPMARK}"
|
||||
unset INNEG DSTNET
|
||||
done
|
||||
echo -ne "\n"
|
||||
fi
|
||||
|
||||
|
||||
|
||||
if [ -s "$BASEDIR/include/ipv4_custom_nat" ]; then
|
||||
display_c YELLOW "Loading custom nat rules..."
|
||||
|
|
|
|||
|
|
@ -0,0 +1,6 @@
|
|||
# IPv4 Packet Marking
|
||||
# Used to mark packets for specific routing (or other) purposes
|
||||
# incoming-interface:src-range:dst-range:mark-num
|
||||
# Use ! before IP/range to negate
|
||||
# eth0:192.168.0.0/24:192.168.1.0/24:5
|
||||
# ORDER MATTERS!
|
||||
|
|
@ -57,6 +57,8 @@ DONTTRACK="127.0.0.1"
|
|||
# IP range(s) to forward
|
||||
ROUTING=$BASEDIR/ipv4-routing
|
||||
|
||||
# Mark ipv4 packets for advanced purposes
|
||||
IPv4_MARK=$BASEDIR/ipv4-marks
|
||||
|
||||
# Hacks to either block specific kinds of attacks or fix problems
|
||||
#
|
||||
|
|
|
|||
Loading…
Reference in New Issue