
I can find a lot of examples on how to classify traffic for QoS using TOS and DSCP, but I can't seem to find examples which filter based on the QoS values set.

What I want to do is drop all traffic unless the DSCP flag is set to one.

Lucas Kauffman

1 Answer


There is an iptables module, dscp, that seems to do what you need. If you don't have any rules in your current iptables setup, you can do something like:

    iptables -A FORWARD -m dscp --dscp 1 -j ACCEPT
    iptables -A FORWARD -j DROP

You may need to allow RELATED, ESTABLISHED traffic also. The above rules are applied to the FORWARD chain. You can do similarly for the INPUT or OUTPUT chains if required.

Khaled
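
The rule order described in the answer above (RELATED/ESTABLISHED first, then the DSCP match, then the drop), written out for any of the three chains. This is an added example, not part of the original answer; the function name `dscp_only_filter` and the `IPT` dry-run variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build a "this DSCP value only" filter for one chain.
# Dry run by default: the commands are printed, not executed.
# Set IPT=iptables (as root) to apply them.
IPT="${IPT:-echo iptables}"

# dscp_only_filter CHAIN VALUE
#   CHAIN: INPUT, OUTPUT or FORWARD
#   VALUE: DSCP code point, decimal 0-63 (the field is 6 bits wide)
dscp_only_filter() {
    chain=$1
    value=$2

    case "$chain" in
        INPUT|OUTPUT|FORWARD) ;;
        *) echo "unsupported chain: $chain" >&2; return 2 ;;
    esac

    # Reject anything that is not a plain decimal number in 0..63.
    case "$value" in
        ''|*[!0-9]*) echo "DSCP must be decimal 0-63" >&2; return 2 ;;
    esac
    if [ "$value" -gt 63 ]; then
        echo "DSCP must be decimal 0-63" >&2
        return 2
    fi

    # 1. Packets of flows that were already accepted; replies may not
    #    carry the same DSCP value as the packet that opened the flow.
    $IPT -A "$chain" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT || return 1
    # 2. New packets are accepted only when the DSCP field equals VALUE.
    $IPT -A "$chain" -m dscp --dscp "$value" -j ACCEPT || return 1
    # 3. Everything else is dropped.
    $IPT -A "$chain" -j DROP || return 1
}

# Dry run for the case in the question: FORWARD chain, DSCP value 1.
dscp_only_filter FORWARD 1
```

The DSCP field is written by the sender or by any device on the path, so this match sorts traffic by marking and does not authenticate it. Because the rules are appended with `-A`, any earlier ACCEPT rule in the chain still wins.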