This shows you the differences between two versions of the page.
documentation:configuration:config_files:config_network [2015/05/18 10:25] admin [routes] |
documentation:configuration:config_files:config_network [2018/05/24 09:05] (current) |
||
---|---|---|---|
Line 10: | Line 10: | ||
| [[config_network#switch_vlan|switch_vlan]] | switch-vlan configuration | | | [[config_network#switch_vlan|switch_vlan]] | switch-vlan configuration | | ||
| [[config_network#interface|interface]] | logical networks | | | [[config_network#interface|interface]] | logical networks | | ||
+ | | [[config_network#route|route]] | static routing | | ||
+ | | [[config_network#rule|rule]] | policy based routing | | ||
==== globals ==== | ==== globals ==== | ||
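Review bot: The two added index rows name only ''route'' and ''rule'', but the ''rule'' section added further down in this revision says its options apply to "''rule'' and ''rule6''" sections, so the IPv6 section type cannot be found from the index. Suggest naming ''rule6'' in the description cell of the ''rule'' row, and writing "policy-based routing" with a hyphen.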
Line 202: | Line 204: | ||
</file> | </file> | ||
and it will be recognized by the uci parser but not applied by the ''/etc/init.d/network'' script. | and it will be recognized by the uci parser but not applied by the ''/etc/init.d/network'' script. | ||
+ | |||
+ | ===== rule ===== | ||
+ | |||
+ | Rules are required to define policy based routing. | ||
+ | |||
+ | |||
+ | Example: | ||
+ | <code> | ||
+ | config rule | ||
+ | option mark '0xFF' | ||
+ | option in 'lan' | ||
+ | option dest '172.16.0.0/16' | ||
+ | option lookup '100' | ||
+ | </code> | ||
+ | |||
+ | The options below are defined for //IP rule// (''rule'' and ''rule6'') sections: | ||
+ | |||
+ | ^ Name ^ Type ^ Required ^ Default ^ Description ^ | ||
+ | | ''in'' | string | no | //(none)// | Specifies the incoming //logical interface name// | | ||
+ | | ''out'' | string | no | //(none)// | Specifies the outgoing //logical interface name// | | ||
+ | | ''src'' | ip subnet | no | //(none)// | Specifies the source subnet to match (CIDR notation) | | ||
+ | | ''dest'' | ip subnet | no | //(none)// | Specifies the destination subnet to match (CIDR notation) | | ||
+ | | ''tos'' | integer | no | //(none)// | Specifies the TOS value to match in IP headers | | ||
+ | | ''mark'' | mark/mask | no | //(none)// | Specifies the //fwmark// and optionally its mask to match, e.g. ''0xFF'' to match mark 255 or ''0x0/0x1'' to match any even mark value | | ||
+ | | ''invert'' | boolean | no | ''0'' | If set to ''1'', the meaning of the match options is inverted | | ||
+ | | ''priority'' | integer | no | //(incrementing)// | Controls the order of the IP rules, by default the priority is auto-assigned so that they are processed in the same order they're declared in the config file | | ||
+ | | ''lookup'' | routing table | at least one of | //(none)// | The rule target is a table lookup, the ID can be either a numeric table index ranging from ''0'' to ''65535'' or a symbolic alias declared in ''/etc/iproute2/rt_tables''. The special aliases ''local'' (''255''), ''main'' (''254'') and ''default'' (''253'') are recognized as well | | ||
+ | | ''goto'' | rule index | ::: | ::: | The rule target is a jump to another rule specified by its ''priority'' value | | ||
+ | | ''action'' | string | ::: | ::: | The rule target is one of the routing actions outlined in the table below | | ||
+ | |||
+ | === Routing Actions === | ||
+ | |||
+ | ^ Action ^ Description ^ | ||
+ | | ''prohibit'' | When reaching the rule, respond with //ICMP prohibited// messages and abort route lookup | | ||
+ | | ''unreachable'' | When reaching the rule, respond with //ICMP unreachable// messages and abort route lookup | | ||
+ | | ''blackhole'' | When reaching the rule, drop packet and abort route lookup | | ||
+ | | ''throw'' | Stop lookup in the current routing table even if a default route exists | | ||
+ | |||
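Review bot: In the options table, the ''goto'' row targets a rule "specified by its ''priority'' value" while the ''priority'' row says the value is auto-assigned by default, so a reader has no stable number to jump to unless the target rule sets ''priority'' explicitly; the ''goto'' row should say that. The ''invert'' row should also state whether it negates the combined match or each match option separately, since the two readings select different traffic. The example uses ''option lookup '100''' without saying where the routes in table 100 come from; one sentence pointing to how that table is populated would make the example usable on its own.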