I am trying to use the IFB driver for ingress traffic and am having some problems getting it to work for us. It hooks the packets before netfilter, and so marks set with iptables are not seen by tc filters on the ifb device. This makes it difficult, and in some cases impossible, to do any kind of complex filtering such as port ranges and many other matches that are easy to do with iptables. So my questions are:

  1. Is there any way to set marks with iptables and have them seen in the IFB device after redirection?
  2. Is there any way to use IFB as an iptables target the same way you can do a "-j IFB" target?
  3. If the previous answers are "no", then are there any plans to implement those features?

Thanks

1 Answer

Answering 2): you can use -i if you want to target a specific device in iptables. Please notice that it is only for INPUT, FORWARD and PREROUTING chains. For example:

    iptables -t mangle -i ifb0 --insert INPUT 1 --jump testChain --wait

About your question 1), I am curious if you find an answer. I am blocked by a similar issue.
