0

I would like to match 4 IP addresses as src and other 4 IP addresses as dst when using tc filter

I do know I could use subnets in match but unfortunately my addresses does not form a subnet instead I have distinct IP addresses.

I have a working script with 1 IP address as src and 1 IP address as dst

export IF=enp0s8
export IP1=10.1.2.11
export IP2=10.1.2.15

tc qdisc del dev $IF root

tc qdisc add dev $IF root handle 1:0 htb
tc class add dev $IF parent 1:0 classid 1:1 htb rate 20mbit 

tc filter add dev $IF protocol ip parent 1:0 prio 1 u32 match ip dst $IP1/32 match ip src $IP2/32 flowid 1:1
tc filter add dev $IF protocol ip parent 1:0 prio 1 u32 match ip dst $IP2/32 match ip src $IP1/32 flowid 1:1

Because I have 4 src and 4 dst IP addresses I can accomplish the task by adding total of 32 lines of tc filter... but I am not sure there is not more efficient way.

I've tried to google for match syntax with no success. As a guesswork here is what I've tried with no success:

export IPGROUP1=10.1.2.11, 10.1.2.12, 10.1.2.13, 10.1.2.14
export IPGROUP2=10.1.2.15, 10.1.2.16, 10.1.2.17, 10.1.2.18

tc filter add dev $IF protocol ip parent 1:0 prio 1 u32 match ip dst $IPGROUP1 match ip src $IPGROUP2 flowid 1:1
tc filter add dev $IF protocol ip parent 1:0 prio 1 u32 match ip dst $IPGROUP2 match ip src $IPGROUP1 flowid 1:1
Improve this question
3
  • Have you looked at man 8 iptables Commented Feb 4, 2023 at 16:37
  • many thx. I was looking for command tc˛. Anyway I found something promising: --src-range ip-ip ... Commented Feb 4, 2023 at 19:50
  • I removed iptables tag, as I am using tc command. I could not figure out how the iptables --src-range syntax could be applied to tc Commented Feb 5, 2023 at 5:36

0

Reset to default

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.