zoukankan      html  css  js  c++  java
  • (1) ip

    http://baturin.org/docs/iproute2/#Add%20a%20route%20via%20interface


    Policy-based routing (PBR) in Linux is designed the following way: first you create custom routing tables, then you create rules to tell the kernel it should use those tables instead of the default table for specific traffic.

    Some tables are predefined:

    local (table 255)
    Contains control routes local and broadcast addresses.
    main (table 254)
    Contains all non-PBR routes. If you don't specify the table when adding a route, it goes here.
    default (table 253)
    Reserved for post processing, normally unused.

    User-defined tables are created automatically when you add the first route to them.

    Create a policy route

    ip route add ${route options} table ${table id or name}
    Examples:
    ip route add 192.0.2.0/27 via 203.0.113.1 table 10
    ip route add 0.0.0.0/0 via 192.168.0.1 table ISP2
    ip route add 2001:db8::/48 dev eth1 table 100

    Notes: You can use any route options described in "Route management" section in policy routes too, the only difference is the "table ${table id/name}" part at the end.

    Numeric table identifiers and names can be used interchangeably. To create your own symbolic names, edit/etc/iproute2/rt_tables config file.

    "delete", "change", "replace", or any other route actions work with any table too.

    "ip route ... table main" or "ip route ... table 254" would have exact same effect to commands without a table part.

    View policy routes

    ip route show table ${table id or name}
    Examples:
    ip route show table 100
    ip route show table test

    Note: in this case you need the "show" word, the shorthand like "ip route table 120" do not work because the command would be ambiguous.

    General rule syntax

    ip rule add ${options} <lookup ${table id or name}|blackhole|prohibit|unreachable>

    Traffic that matches the ${options} (described below) will be routed according to the table with specified name/id instead of the "main"/254 table if "lookup" action is used.

    "blackhole", "prohibit", and "unreachable" actions that work the same way to route types with same names. In most of examples we will use "lookup" action as the most common.

    For IPv6 rules, use "ip -6", the rest of the syntax is the same.

    "table ${table id or name}" can be used as alias to "lookup ${table id or name}".

    Create a rule to match a source network

    ip rule add from ${source network} ${action}
    Examples:
    ip rule add from 192.0.2.0/24 lookup 10
    ip -6 rule add from 2001:db8::/32 prohibit

    Notes: "all" can be used as shorthand to 0.0.0.0/0 or ::/0

    Create a rule to match a destination network

    ip rule add to ${destination network} ${action}
    Examples:
    ip rule add to 192.0.2.0/24 blackhole
    ip -6 rule add to 2001:db8::/32 lookup 100

    Create a rule to match a ToS field value

    ip rule add tos ${ToS value} ${action}
    Examples:
    ip rule add tos 0x10 lookup 110

    Create a rule to match a firewall mark value

    ip rule add fwmark ${mark} ${action}
    Examples:
    ip rule add fwmark 0x11 lookup 100

    Note: See iptables documentation to find out how to set the mark.

    Create a rule to match inbound interface

    ip rule add iif ${interface name} ${action}
    Examples:
    ip rule add iif eth0 lookup 10
    ip rule add iif lo lookup 20

    Rule with "iif lo" (loopback) will match locally generated traffic.

    Create a rule to match outbound interface

    ip rule add oif ${interface name} ${action}
    Examples:
    ip rule add oif eth0 lookup 10

    Note: this works only for locally generated traffic.

    Set rule priority

    ip rule add ${options} ${action} priority ${value}
    Examples:
    ip rule add from 192.0.2.0/25 lookup 10 priority 10
    ip rule add from 192.0.2.0/24 lookup 20 priority 20

    Note: As rules are traversed from the lowest to the highest priority and processing stops at first match, you need to put more specific rules before less specific. The above example demonstrates rules for 192.0.2.0/24 and its subnet 192.0.2.0/25. If the priorities were reversed and the rule for /25 was placed after the rule for /24, it would never be reached.

    Show all rules

    ip rule show
    ip -6 rule show

    Delete a rule

    ip rule del ${options} ${action}
    Examples:
    ip rule del 192.0.2.0/24 lookup 10

    Notes: You can copy/paste from the output of "ip rule show"/"ip -6 rule show".

    Delete all rules

    ip rule flush
    ip -6 rule flush

    Notes: this operation is highly disruptive. Even if you have not configured any rules, "from all lookup main" rules are initialized by default. On an unconfigured machine you can see this:

    $ ip rule show
    0:	from all lookup local 
    32766:	from all lookup main 
    32767:	from all lookup default 
    
    $ ip -6 rule show
    0:	from all lookup local 
    32766:	from all lookup main 
    

    The "from all lookup local" rule is special and cannot be deleted. The "from all lookup main" is not, there may be valid reasons not to have it, e.g. if you want to route only traffic you created explicit rules for. As a side effect, if you do "ip rule flush", this rule will be deleted, which will make the system stop routing any traffic until you restore your rules.


  • 相关阅读:
    输出重定向
    echo带颜色输出
    shell学习视频目录
    css盒模型
    jQuery表格模糊搜索
    mysql基础语法3
    mysql基础语法2
    mysql基础语法1
    pyspider框架的使用
    quill富文本框图片上传重写
  • 原文地址:https://www.cnblogs.com/ztguang/p/12644881.html
Copyright © 2011-2022 走看看