Filter
Top Products
--drop Drops the packet
--accept Accepts the packet
--set-prio <val>Set the 802.1p priority to <val>
--use-prio <val>Use queue priority <val>
--copy-cpu Send the packet to the CPU. This will force the full
installed chains traversal in software
--set-eport <val> Redirect the packet to port <val>
--set-mport <val> Mirror the packet to port
<val>
--set-tos <val> Set the IP-Precedence bits in the TOS field of
the IP header to <val>
--set-dscp <val>Set the 6-bit DSCP in the TOS field of the IP
header to <val>.
Options with any of these ZACTION parameters:
--counter <val> Increment classifier hit counter <val>
--arp Not an action, match only ARP packets.
-i option can be used to specify ingress port or VLAN,
-d specifies target IP address,
-p specifies arp operation as request (1) or response (2).
For arp response, the -o field can be used to specify the egress port.
ZACTION Examples
Send all tcp packets arriving on zhp5 out port 2:
iptables -a FORWARD -i zhp5 -p tcp -j ZACTION --set-eport 2
Send all tcp packets arriving on zhp5 to the CPU (software).
iptables -a FORWARD -i zhp5 -p tcp -j ZACTION --copy-cpu
Set the 802.1p priority to 3 on all tcp packets arriving on zhp5.
iptables -a FORWARD -i zhp5 -p tcp -j ZACTION --set-prio 3
Extensions to the default matches
These are described in the Linux packet filtering HOWTO at:
http://netfilter.org/documentation/index.html#documentation-howto
Ethernet Switch Blade User's Guide release 3.2.2j page 64