How to use the --set-mark mechanism to do the accessing limit
chhj at scut.edu.cn
Mon Mar 20 11:32:12 CET 2006
Hi!
I am doing a small project about a firewall in Linux in which I will use the --set-mark mechanism to limit access. For example, the users of LAN 1 can access Server 1 and can't access Server 2 through the --set-mark mechanism, and the users of LAN 2 can access Server 2 and can't access Server 1. I'm going to use the netfilter/iptables framework.
The data packages from LAN 1 will be set to mark 1 and the data packages from LAN 2 will be set to mark 2 in the PREROUTING chain of the mangle table. My problem is where to match the data packages. In the POSTROUTING chain? Do I need to register functions in the Netfilter framework? Do I need to use iproute2? And which one is the best?
I hope I could explain my point well.
I will really appreciate any help.
Thanks.
Sincerely,
chewhai
chhj at scut.edu.cn
2006-03-20
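
The setup described in the message, written out as an added example that is not part of the original post: marks are set in mangle PREROUTING and matched with `-m mark` in the filter table's FORWARD chain, which routed packets traverse after PREROUTING. The interface names, subnets and server addresses are constructed sample values, and `gen_ruleset` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example. Constructed policy table, one line per LAN:
#   mark  ingress-interface  LAN subnet  permitted server
# All interface names and addresses are assumed sample values.
POLICY='1 eth1 10.1.0.0/24 192.0.2.10
2 eth2 10.2.0.0/24 192.0.2.20'

# Emit a ruleset in iptables-restore format for the policy above.
gen_ruleset() {
    # mangle/PREROUTING: tag each packet by the LAN it arrived from.
    # Matching the ingress interface as well as the source subnet keeps a
    # host on one LAN from earning the other LAN's mark with a forged
    # source address.
    printf '%s\n' '*mangle' ':PREROUTING ACCEPT [0:0]'
    printf '%s\n' "$POLICY" | while read -r mark ifc lan server; do
        printf '%s\n' "-A PREROUTING -i $ifc -s $lan -j MARK --set-mark $mark"
    done
    printf '%s\n' 'COMMIT'

    # filter/FORWARD: the mark is still attached to the packet here, so
    # the access decision is an ordinary "-m mark" match. Default policy
    # is DROP, so unmarked traffic and LAN/server pairs not listed in
    # POLICY are refused.
    printf '%s\n' '*filter' ':FORWARD DROP [0:0]'
    # Server replies carry no LAN mark; connection tracking admits them.
    printf '%s\n' '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    printf '%s\n' "$POLICY" | while read -r mark ifc lan server; do
        printf '%s\n' "-A FORWARD -m mark --mark $mark -d $server -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# Print the ruleset. To syntax-check it without loading it (needs root):
#   gen_ruleset | iptables-restore --test
# Loading it for real replaces the existing mangle and filter rules.
gen_ruleset
```

The mark exists only inside the kernel of the machine that set it and is not carried on the wire, so the marking and the matching both have to happen on the same firewall host.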