Current status:
X86 router with ROS 3.10 installed. There is one bridge with "Use IP Firewall" enabled. In that bridge there are 2 network cards(A and B).
Mission:
I want to have four packet marks A_in,A_out,B_in,B_out. How to mark packets with these marks?
2.9.X solution
For example if i want to mark A_in i add new rule to ip/firewall(chain:prerouting,in-interface:A,action:mark)...
And if i want to mark A_out i add new rule to ip/firewall(chain:postrouting,out-interface:A,action:mark)...
3.X non-working solution
I tick "Use IP firewall" for our bridge.
To mark A_in i add new rule to ip/firewall(chain:prerouting,in-bridge-port:A,action:mark) - It's working.
But if I want to mark outgoing traffic I try add new ip/firewall rule(chain:postrouting,out-bridge-port:A,action:mark) -but no packet is marked even though there are 4mbits on that interface
3.X working solution
I don't know. Please help.
Note: I can use Bridge/Filter for outgoing traffic. It works...but then I cant use connection marking which is very important for p2p killing.
Re: Firewall(useipfirewall=yes) in v3 doesn't functioning
did you try using 'forward' chain, not 'postrouting'?
-
-
rucevzhuru
newbie
- Posts: 43
- Joined:
Re: Firewall(useipfirewall=yes) in v3 doesn't functioning
Yes, I tried it but it didn't work.
Re: Firewall(useipfirewall=yes) in v3 doesn't functioning
well,
works fine for me
Code: Select all
/ip firewall mangle
add action=passthrough chain=postrouting disabled=no out-bridge-port=some_bridge_vlan
-
-
rucevzhuru
newbie
- Posts: 43
- Joined:
Re: Firewall(useipfirewall=yes) in v3 doesn't functioning
Which version did you use? I tried your rule in 3.10 and it didn't work.works fine for me
Re: Firewall(useipfirewall=yes) in v3 doesn't functioning
I'm using v3.14