Differences

This shows you the differences between two versions of the page.

--- documentation:configuration:config_files:config_network [2015/05/13 10:35]
admin
+++ documentation:configuration:config_files:config_network [2018/05/24 09:05] (current)
@@ Line 10: / Line 10: @@
 | [[config_network#switch_vlan|switch_vlan]] | switch-vlan configuration |
 | [[config_network#interface|interface]] | logical networks |
+| [[config_network#route|route]] | static routing |
+| [[config_network#rule|rule]] | policy based routing |
 ==== globals ====
@@ Line 27: / Line 29: @@
 ^ Name ^ Type ^ Required ^ Default ^ Description ^
-| ''name'' | string |  |  |  |
+| ''enable'' | boolean | yes |  |  |
-| ''enable'' | boolean |  |  |  |
+| ''enable_vlan'' | boolean | no |  |  |
-| ''enable_vlan'' | boolean |  |  |  |
+| ''reset'' | boolean | no | | |
-| ''reset'' | boolean | | | |
 ==== switch_vlan ====
@@ Line 167: / Line 168: @@
 ''forward_dhcp'' | boolean | no | ''1'' | Enables forwarding of DHCP requests and responses, ''0'' disables it |
-===== IPv4 Routes =====
+===== route =====
 Static //IPv4 routes// can be defined on specific interfaces using ''route'' sections. As for //aliases//, multiple sections can be attached to an interface.
@@ Line 203: / Line 204: @@
 </file>
 and it will be recognized by the uci parser but not applied by the ''/etc/init.d/network'' script.
+===== rule =====
+Rules are required to define policy based routing.
+Example:
+<code>
+config rule
+	option mark   '0xFF'
+        option in     'lan'
+	option dest   '172.16.0.0/16'
+	option lookup '100'
+</code>
+The options below are defined for //IP rule// (''rule'' and ''rule6'') sections:
+^ Name ^ Type ^ Required ^ Default ^ Description ^
+| ''in'' | string | no | //(none)// | Specifies the incoming //logical interface name// |
+| ''out'' | string | no | //(none)// | Specifies the outgoing //logical interface name// |
+| ''src'' | ip subnet | no | //(none)// | Specifies the source subnet to match (CIDR notation) |
+| ''dest'' | ip subnet | no | //(none)// | Specifies the destination subnet to match (CIDR notation) |
+| ''tos'' | integer | no | //(none)// | Specifies the TOS value to match in IP headers |
+| ''mark'' | mark/mask | no | //(none)// | Specifies the //fwmark// and optionally its mask to match, e.g. ''0xFF'' to match mark 255 or ''0x0/0x1'' to match any even mark value |
+| ''invert'' | boolean | no | ''0'' | If set to ''1'', the meaning of the match options is inverted |
+| ''priority'' | integer | no | //(incrementing)// | Controls the order of the IP rules, by default the priority is auto-assigned so that they are processed in the same order they're declared in the config file |
+| ''lookup'' | routing table | at least one of | //(none)// | The rule target is a table lookup, the ID can be either a numeric table index ranging from ''0'' to ''65535'' or a symbolic alias declared in ''/etc/iproute2/rt_tables''. The special aliases ''local'' (''255''), ''main'' (''254'') and ''default'' (''253'') are recognized as well |
+| ''goto'' | rule index | ::: | ::: | The rule target is a jump to another rule specified by its ''priority'' value |
+| ''action'' | string | ::: | ::: | The rule target is one of the routing actions outlined in the table below |
+=== Routing Actions ===
+^ Action ^ Description ^
+| ''prohibit'' | When reaching the rule, respond with //ICMP prohibited// messages and abort route lookup |
+| ''unreachable'' | When reaching the rule, respond with //ICMP unreachable// messages and abort route lookup |
+| ''blackhole'' | When reaching the rule, drop packet and abort route lookup |
+| ''throw'' | Stop lookup in the current routing table even if a default route exists |

Differences

Page Tools