IFB and iptables

IFB and iptables

[Jérôme Poulin]

Hi,

I'm trying to convert my IMQ based script to use the IFB device instead.
Things appear to work quite right however the u32 classifier isn't
aware of any connection tracking and I was wondering if it is at all
possible to use match from iptables like layer7 when you use the IFB
device?

And my need for the IFB device / IMQ is because I want to classify my
IPv6 traffic which is in an IPv4 SIT tunnel and mix the content of the
SIT tunnel to eth0 minus protocol 41.

Thanks.

Re: IFB and iptables

[Andrew Beverley]

On Wed, 2011-05-25 at 18:21 -0400, Jérôme Poulin wrote:
> Hi,
> 
> I'm trying to convert my IMQ based script to use the IFB device instead.
> Things appear to work quite right however the u32 classifier isn't
> aware of any connection tracking and I was wondering if it is at all
> possible to use match from iptables like layer7 when you use the IFB
> device?

It depends where you are attaching your IFB device. Unlike IMQ, IFB can
only be hooked on an interface (IMQ can be hooked between iptables
chains). Therefore, if you are doing it on the ingress interface,
traffic will not have been connection-tracked. Off the top of my head,
it should work on egress though.

Andy