Send all packets leaving a specific interface to nfqueue

In a test environment, a process sends packets out through a specific interface. I would like to send all packets leaving that interface to nfqueue. I can do this for packets arriving on the interface with:

iptables -t mangle -A PREROUTING -i eth0 -j NFQUEUE --queue-num 10

However, trying to do the same on any of the outbound tables gives an error saying the -i option is invalid. Is this possible, and if so, how?

Answer 1

-i is for incoming packets.

Use -o for outgoing packets.

You can find the explanation in the man page:

   [!] -i, --in-interface name
          Name of an interface via which a packet was received  (only  for
          packets  entering  the  INPUT,  FORWARD  and PREROUTING chains).
          When the "!" argument is used before  the  interface  name,  the
          sense  is  inverted.   If the interface name ends in a "+", then
          any interface which begins with this name will match.   If  this
          option is omitted, any interface name will match.

   [!] -o, --out-interface name
          Name of an interface via which a packet is going to be sent (for
          packets entering the FORWARD, OUTPUT  and  POSTROUTING  chains).
          When  the  "!"  argument  is used before the interface name, the
          sense is inverted.  If the interface name ends in  a  "+",  then
          any  interface  which begins with this name will match.  If this
          option is omitted, any interface name will match.

Or in the output of iptables --help:

[!] --out-interface -o output name[+]
                network interface name ([+] for wildcard)
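As an added example (not part of the original question or answer), here is a small POSIX shell script that builds, but does not apply, the rules for both directions: -i in the mangle PREROUTING chain for packets received on an interface, and -o in the mangle POSTROUTING chain for packets leaving it, which is the direction the question asks about. It also has a helper that reports which interface option each built-in chain accepts, following the man page text quoted above. The interface name and queue number are parameters (eth0 and 10 below are only assumed values); the optional --queue-bypass flag on the NFQUEUE target is a real iptables option that lets traffic flow normally instead of being dropped when no userspace program is bound to the queue, which is worth knowing before you lock yourself out of a test box.

```shell
#!/bin/sh
# Build (do not apply) iptables rules that divert one interface's traffic
# to an NFQUEUE. Added example; interface and queue number are parameters.

# Rule for packets *received* on interface $1, queued to $2.
# -i is accepted in INPUT, FORWARD and PREROUTING.
nfq_inbound_rule() {
    printf 'iptables -t mangle -A PREROUTING -i %s -j NFQUEUE --queue-num %s\n' "$1" "$2"
}

# Rule for packets *leaving* via interface $1, queued to $2.
# -o is accepted in FORWARD, OUTPUT and POSTROUTING; POSTROUTING in the
# mangle table sees both locally generated and forwarded traffic, so it is
# the natural mirror of the PREROUTING rule.  If $3 is "bypass", add
# --queue-bypass so packets are accepted rather than dropped when no
# userspace listener is attached to the queue.
nfq_outbound_rule() {
    if [ "${3:-}" = "bypass" ]; then
        printf 'iptables -t mangle -A POSTROUTING -o %s -j NFQUEUE --queue-num %s --queue-bypass\n' "$1" "$2"
    else
        printf 'iptables -t mangle -A POSTROUTING -o %s -j NFQUEUE --queue-num %s\n' "$1" "$2"
    fi
}

# Both directions for one interface and queue.
nfq_rules() {
    nfq_inbound_rule "$1" "$2"
    nfq_outbound_rule "$1" "$2" "${3:-}"
}

# Which interface match option a built-in chain accepts, per the man page:
# PREROUTING/INPUT only know the ingress interface, OUTPUT/POSTROUTING only
# the egress interface, FORWARD knows both.  Returns 1 for an unknown chain.
iface_option_for_chain() {
    case "$1" in
        PREROUTING|INPUT)   printf '%s\n' "-i" ;;
        OUTPUT|POSTROUTING) printf '%s\n' "-o" ;;
        FORWARD)            printf '%s\n' "-i -o" ;;
        *)                  printf '%s\n' "unknown"; return 1 ;;
    esac
}

# Usage: sh nfq_rules.sh --print eth0 10 [bypass]
# Review the output, then pipe it into a root shell to apply it.
if [ "${1:-}" = "--print" ]; then
    nfq_rules "${2:-eth0}" "${3:-10}" "${4:-}"
fi
```

Running the script with --print shows the two rule lines; applying them requires root and an nfqueue consumer (for example a program using libnetfilter_queue) bound to the same queue number, otherwise every matched packet is dropped unless --queue-bypass was added.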
