This shows you the differences between two versions of the page.
documentation:configuration:config_files:config_network [2015/05/18 10:37] admin |
documentation:configuration:config_files:config_network [2015/05/18 10:54] admin [rule] |
||
---|---|---|---|
Line 219: | Line 219: | ||
</code> | </code> | ||
+ | The options below are defined for //IP rule// (''rule'' and ''rule6'') sections: | ||
+ | |||
+ | ^ Name ^ Type ^ Required ^ Default ^ Description ^ | ||
+ | | ''in'' | string | no | //(none)// | Specifies the incoming //logical interface name// | | ||
+ | | ''out'' | string | no | //(none)// | Specifies the outgoing //logical interface name// | | ||
+ | | ''src'' | ip subnet | no | //(none)// | Specifies the source subnet to match (CIDR notation) | | ||
+ | | ''dest'' | ip subnet | no | //(none)// | Specifies the destination subnet to match (CIDR notation) | | ||
+ | | ''tos'' | integer | no | //(none)// | Specifies the TOS value to match in IP headers | | ||
+ | | ''mark'' | mark/mask | no | //(none)// | Specifies the //fwmark// and optionally its mask to match, e.g. ''0xFF'' to match mark 255 or ''0x0/0x1'' to match any even mark value | | ||
+ | | ''invert'' | boolean | no | ''0'' | If set to ''1'', the meaning of the match options is inverted | | ||
+ | | ''priority'' | integer | no | //(incrementing)// | Controls the order of the IP rules, by default the priority is auto-assigned so that they are processed in the same order they're declared in the config file | | ||
+ | | ''lookup'' | routing table | at least one of | //(none)// | The rule target is a table lookup, the ID can be either a numeric table index ranging from ''0'' to ''65535'' or a symbolic alias declared in ''/etc/iproute2/rt_tables''. The special aliases ''local'' (''255''), ''main'' (''254'') and ''default'' (''253'') are recognized as well | | ||
+ | | ''goto'' | rule index | ::: | ::: | The rule target is a jump to another rule specified by its ''priority'' value | | ||
+ | | ''action'' | string | ::: | ::: | The rule target is one of the routing actions outlined in the table below | | ||
+ | |||
+ | === Routing Actions === | ||
+ | |||
+ | ^ Action ^ Description ^ | ||
+ | | ''prohibit'' | When reaching the rule, respond with //ICMP prohibited// messages and abort route lookup | | ||
+ | | ''unreachable'' | When reaching the rule, respond with //ICMP unreachable// messages and abort route lookup | | ||
+ | | ''blackhole'' | When reaching the rule, drop packet and abort route lookup | | ||
+ | | ''throw'' | Stop lookup in the current routing table even if a default route exists | | ||
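
Review bot: In the ''goto'' row the jump target is identified by another rule's ''priority'' value, but the ''priority'' row gives the default as auto-assigned (//(incrementing)//), so a reader cannot tell which number to put in ''goto'' unless the target rule sets ''priority'' explicitly. Suggest saying in the ''goto'' description that the target rule should declare an explicit ''priority'', or documenting the start value and step of the auto-assignment. The Required cell shared by ''lookup'', ''goto'' and ''action'' also reads "at least one of" while each description begins "The rule target is ...", which leaves open what happens when more than one is set; state whether exactly one is expected or which one takes precedence.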