Setup guide
tcp-options (any | syn-only | non-syn-only; default: any) - TCP options
protocol (ah | egp | ggp | icmp | ipencap | ospf | rspf | udp | xtp | all | encap | gre | idpr-cmtp | ipip |
pup | st | vmtp | ddp | esp | hmp | igmp | iso-tp4 | rdp | tcp | xns-idp; default: all) - protocol setting
• all - cannot be used if you want to specify ports (ports are only meaningful for tcp and udp)
content (text; default: "") - the text packets should contain in order to match the rule
flow (text; default: "") - flow mark to match. Only packets that were marked in the mangle facility are matched
p2p (any | all-p2p | bit-torrent | direct-connect | fasttrack | soulseek | blubster | edonkey | gnutella;
default: any) - match Peer-to-Peer (P2P) connections:
• all-p2p - match all known P2P traffic
• any - match any packet (i.e., do not check this property)
connection (text; default: "") - connection mark to match. Only connections (including related ones)
that were marked in the mangle facility are matched
limit-burst (integer; default: 0) - allowed burst on top of the limit-count/limit-time rate
limit-time (time; default: 0) - time interval over which limit-count is applied
• 0 - forever (no rate limiting)
limit-count (integer; default: 0) - how many times the rule may match during each limit-time period
src-mac-address (MAC address; default: 00:00:00:00:00:00) - source MAC address of the host the packet
was received from
log (yes | no; default: no) - specifies whether to log packets matched by this rule
mark-flow (text; default: "") - change flow mark of the packet to this value
mark-connection (text; default: "") - change connection mark of the packet to this value
tcp-mss (integer | dont-change; default: dont-change) - change MSS of the packet
• dont-change - leave MSS of the packet as is
tos (any | max-reliability | max-throughput | min-cost | min-delay | normal | integer; default: any) -
specifies a match for Type-of-Service field of an IP packet
set-tos (any | max-reliability | max-throughput | min-cost | min-delay | normal | dont-change;
default: dont-change) - changes the value of Type-of-Service field of an IP packet
• dont-change - do not change the value of Type-of-Service field
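The limit-count, limit-time and limit-burst properties above describe a rate limit on how often a rule may match, which is what you want on a rule with log=yes so that a flood cannot fill the log. The following is an added example, not RouterOS's own code: a token-bucket model of those three properties run over constructed packet arrival times. The modelling choices (the burst sits on top of the base allowance, the bucket starts full, limit-count=0 or limit-time=0 disables limiting as the "forever" note says) are assumptions made here to illustrate the documented semantics.

```python
"""Added example: a token-bucket model of the limit-count / limit-time / limit-burst
matchers, run over constructed packet arrival times.  This illustrates the documented
semantics; it is not RouterOS's own implementation."""


class RuleLimiter:
    """Matches at most limit_count packets per limit_time seconds on average, allowing a
    burst of limit_burst extra packets.  limit_count=0 or limit_time=0 means no limit
    (the manual's "0 - forever")."""

    def __init__(self, limit_count: int, limit_time: float, limit_burst: int):
        self.count = limit_count
        self.time = limit_time
        # assumption: the burst allowance sits on top of the base limit-count allowance
        self.capacity = limit_count + limit_burst
        self.tokens = float(self.capacity)   # assumption: the bucket starts full
        self.last = None

    def matches(self, now: float) -> bool:
        """Decide whether a packet arriving at time `now` (seconds) is matched by the rule."""
        if self.count == 0 or self.time == 0:
            return True
        if self.last is not None:
            # refill at limit_count tokens per limit_time, capped at the bucket size
            self.tokens = min(self.capacity,
                              self.tokens + (now - self.last) * self.count / self.time)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def apply_limit(arrivals, limit_count, limit_time, limit_burst):
    """Return the match decision for each packet timestamp in `arrivals`."""
    lim = RuleLimiter(limit_count, limit_time, limit_burst)
    return [lim.matches(t) for t in arrivals]


# constructed arrival times: a 4-packet flood at t=0, then 3 packets one second later
ARRIVALS = [0.0, 0.0, 0.0, 0.0, 1.0, 1.0, 1.0]

if __name__ == "__main__":
    # limit-count=2 limit-time=1s limit-burst=1: 3 of the flood match, then 2 per second
    print(apply_limit(ARRIVALS, limit_count=2, limit_time=1.0, limit_burst=1))
    # limit-time=0 ("forever"): every packet matches
    print(apply_limit(ARRIVALS, limit_count=0, limit_time=0, limit_burst=0))
```

With limit-count=2, limit-time=1s and limit-burst=1 the model lets three packets of the initial flood through (two from the base allowance plus one of burst) and refuses the fourth; one second later two more tokens have been earned, so two of the next three match.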
Example
To put a flow mark on packets, specify the value for the mark-flow argument and use action=passthrough, so that the marked packet continues to be matched against the following rules, for example:
[admin@test_1] ip firewall mangle> add action=passthrough mark-flow=myflow
[admin@test_1] ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic
0 src-address=0.0.0.0/0:0-65535 in-interface=all
dst-address=0.0.0.0/0:0-65535 protocol=all tcp-options=any
icmp-options=any:any flow="" connection="" content=""
src-mac-address=00:00:00:00:00:00 limit-count=0 limit-burst=0
limit-time=0s action=passthrough mark-flow=myflow tcp-mss=dont-change
mark-connection=""
[admin@test_1] ip firewall mangle>
In order to change the MSS, adjust the tcp-mss argument. For example, if you have an
encrypted PPPoE link with MTU = 1492, you can set the mangle rule as follows:
[admin@test_1] ip firewall mangle> add protocol=tcp \
\... tcp-options=syn-only action=passthrough tcp-mss=1448
[admin@test_1] ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic
0 src-address=0.0.0.0/0:0-65535 in-interface=all
dst-address=0.0.0.0/0:0-65535 protocol=all tcp-options=any
icmp-options=any:any flow="" connection="" content=""
src-mac-address=00:00:00:00:00:00 limit-count=0 limit-burst=0
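The tcp-mss rule above rewrites the MSS option in TCP SYN segments so that peers never send full-size segments that the 1492-byte PPPoE link would have to fragment or drop. The following is an added example, not RouterOS's or MikroTik's code, that performs that rewrite on a constructed IPv4 SYN: it locates the MSS option, clamps it, and recomputes the TCP checksum, refusing to touch packets with a malformed option list. The mss_for_mtu helper and its tunnel_overhead parameter are assumptions introduced here; 4 bytes of overhead is only an illustrative value that reproduces the manual's 1448 for a 1492-byte MTU, not a figure taken from the page.

```python
"""Added example: clamp the MSS option of an IPv4 TCP SYN, i.e. what a
tcp-mss=N tcp-options=syn-only mangle rule does to the packet.  IPv4 only."""
import ipaddress
import struct

TCP_SYN = 0x02
OPT_EOL, OPT_NOP, OPT_MSS = 0, 1, 2


def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 checksum; returns 0 when run over data that already carries a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def mss_for_mtu(mtu: int, tunnel_overhead: int = 0) -> int:
    """MSS the link can carry: MTU minus 20-byte IPv4 and 20-byte TCP headers, minus the
    per-packet overhead of encryption/encapsulation on the link (assumed known by the caller)."""
    return mtu - 40 - tunnel_overhead


def _tcp_bounds(packet: bytes):
    """Return (tcp_start, tcp_end) for a sane IPv4/TCP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 6:
        return None
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    if ihl < 20 or total_len > len(packet) or total_len - ihl < 20:
        return None
    return ihl, total_len


def find_mss(packet: bytes):
    """Locate the MSS option: (offset_of_value, mss) or None. Malformed option lists yield None."""
    bounds = _tcp_bounds(packet)
    if bounds is None:
        return None
    tcp_start, tcp_end = bounds
    i, end = tcp_start + 20, tcp_start + (packet[tcp_start + 12] >> 4) * 4
    if end > tcp_end:
        return None
    while i < end:
        kind = packet[i]
        if kind == OPT_EOL:
            return None
        if kind == OPT_NOP:
            i += 1
            continue
        if i + 1 >= end or packet[i + 1] < 2 or i + packet[i + 1] > end:
            return None          # truncated or malformed option: leave the packet alone
        if kind == OPT_MSS and packet[i + 1] == 4:
            return i + 2, struct.unpack("!H", packet[i + 2:i + 4])[0]
        i += packet[i + 1]
    return None


def tcp_checksum_ok(packet: bytes) -> bool:
    bounds = _tcp_bounds(packet)
    if bounds is None:
        return False
    seg = packet[bounds[0]:bounds[1]]
    pseudo = packet[12:20] + struct.pack("!BBH", 0, 6, len(seg))
    return ones_complement_sum(pseudo + seg) == 0


def clamp_tcp_mss(packet: bytes, max_mss: int, syn_only: bool = True):
    """Return (packet, old_mss). old_mss is None if the packet is not TCP, carries no MSS
    option, or (with syn_only) has no SYN flag; the packet is returned unchanged in those
    cases and when the advertised MSS is already <= max_mss."""
    bounds = _tcp_bounds(packet)
    if bounds is None:
        return packet, None
    tcp_start, tcp_end = bounds
    if syn_only and not packet[tcp_start + 13] & TCP_SYN:
        return packet, None
    found = find_mss(packet)
    if found is None:
        return packet, None
    off, old = found
    if old <= max_mss:
        return packet, old
    buf = bytearray(packet)
    buf[off:off + 2] = struct.pack("!H", max_mss)
    # the IP header is untouched; only the TCP checksum (pseudo-header + segment) must be redone
    buf[tcp_start + 16:tcp_start + 18] = b"\x00\x00"
    seg = bytes(buf[tcp_start:tcp_end])
    pseudo = packet[12:20] + struct.pack("!BBH", 0, 6, len(seg))
    buf[tcp_start + 16:tcp_start + 18] = struct.pack("!H", ones_complement_sum(pseudo + seg))
    return bytes(buf), old


def build_syn(src: str, dst: str, sport: int, dport: int, mss: int, flags: int = TCP_SYN) -> bytes:
    """Constructed test packet: IPv4 + TCP with one MSS option and valid checksums."""
    src_b, dst_b = ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed
    options = struct.pack("!BBH", OPT_MSS, 4, mss)
    tcp_len = 20 + len(options)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0x1000, 0, (tcp_len // 4) << 4,
                      flags, 65535, 0, 0) + options
    pseudo = src_b + dst_b + struct.pack("!BBH", 0, 6, tcp_len)
    tcp = tcp[:16] + struct.pack("!H", ones_complement_sum(pseudo + tcp)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + tcp_len, 0x1234, 0x4000, 64, 6, 0, src_b, dst_b)
    ip = ip[:10] + struct.pack("!H", ones_complement_sum(ip)) + ip[12:]
    return ip + tcp


if __name__ == "__main__":
    syn = build_syn("10.0.0.2", "198.51.100.7", 40000, 443, 1460)   # constructed input
    clamped, old = clamp_tcp_mss(syn, mss_for_mtu(1492, tunnel_overhead=4))
    print("MSS %d -> %d, TCP checksum ok: %s" % (old, find_mss(clamped)[1], tcp_checksum_ok(clamped)))
```

Two practitioner points the code makes explicit: the rule only needs to touch SYN segments, because MSS is negotiated once per connection, and a malformed option list is left untouched rather than parsed optimistically, since writing into an option whose length byte runs past the header would corrupt the segment.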