>   ${TC} filter add dev ${DEV_IFB} parent 1:0 prio 4 protocol ip u32 \
>     match ip protocol 0x6 0xff \
>     match ip dport 21 0xffff \
>     classid 1:14 # ftp-server
>
> This works fine, but traffic for 1:14 (ftp) never gets into 1:14.
>
> Is there a certain rule order in which filters must be written? As far
> as I can see I haven't made any mistakes in these filters...
>
> Anyone a hint?
>

Port 21 is used only by the control connection of FTP. Active mode FTP
uses port 20 to do the actual downloading and Passive mode uses random
ports. I think you need to mark packets in iptables using the
ip_conntrack_ftp helper to identify ftp packets.
_______________________________________________
LARTC mailing list
[email protected]
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
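
The reply's point, shown as an added example that is not part of the original thread: a match on destination port 21 only sees the control connection, while the data connection's port is announced inside it (RFC 959 `PORT` command for active mode, `227` reply for passive mode). The function names and the sample session below are constructed for illustration; this is a user-space sketch of the kind of tracking a connection-tracking FTP helper performs, not the kernel helper's code.

```python
import re

# RFC 959: "PORT h1,h2,h3,h4,p1,p2" (active mode, sent by the client) and
# "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" (passive mode, sent by the server).
_PORT_RE = re.compile(r"^PORT\s+(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$", re.I)
_PASV_RE = re.compile(r"^227\b.*?(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")

def expected_data_endpoint(line):
    """Return (mode, ip, port) announced by a control-channel line, else None."""
    line = line.strip()
    for mode, rx in (("active", _PORT_RE), ("passive", _PASV_RE)):
        m = rx.match(line)
        if not m:
            continue
        nums = [int(g) for g in m.groups()]
        if any(n > 255 for n in nums):
            return None  # malformed octet: ignore rather than guess
        ip = ".".join(str(n) for n in nums[:4])
        return mode, ip, nums[4] * 256 + nums[5]  # port = p1*256 + p2
    return None

def classify(flows, control_lines, ftp_port=21):
    """Label each (dst_ip, dst_port) flow as ftp-control, ftp-data or other."""
    expected = set()
    for line in control_lines:
        ep = expected_data_endpoint(line)
        if ep:
            expected.add((ep[1], ep[2]))
    labels = {}
    for flow in flows:
        if flow[1] == ftp_port:
            labels[flow] = "ftp-control"  # all a dport-21 match can see
        elif flow in expected:
            labels[flow] = "ftp-data"     # known only from the control channel
        else:
            labels[flow] = "other"
    return labels

# Constructed sample session (documentation address ranges).
CONTROL = ["220 ftp ready", "PASV",
           "227 Entering Passive Mode (192,0,2,10,195,80)",
           "PORT 198,51,100,7,4,1"]
FLOWS = [("192.0.2.10", 21), ("192.0.2.10", 50000),
         ("198.51.100.7", 1025), ("192.0.2.10", 80)]

if __name__ == "__main__":
    for flow, label in classify(FLOWS, CONTROL).items():
        print(flow, label)
```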
