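In a testing environment, a process sends packets out of a specific interface. I would like to be able to send all of those packets to an nfqueue. I can do this for packets coming in on the interface by doing the following: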
iptables -t mangle -A PREROUTING -i eth0 -j NFQUEUE --queue-num 10
However, trying to do the same on any of the outbound tables results in an error saying the -i option is invalid. Is this possible, and if so, how?
-i is for incoming packets.
Use -o for outgoing packets.
You can find the explanation in the manual:
[!] -i, --in-interface name
    Name of an interface via which a packet was received (only for packets entering the INPUT, FORWARD and PREROUTING chains). When the "!" argument is used before the interface name, the sense is inverted. If the interface name ends in a "+", then any interface which begins with this name will match. If this option is omitted, any interface name will match.

[!] -o, --out-interface name
    Name of an interface via which a packet is going to be sent (for packets entering the FORWARD, OUTPUT and POSTROUTING chains). When the "!" argument is used before the interface name, the sense is inverted. If the interface name ends in a "+", then any interface which begins with this name will match. If this option is omitted, any interface name will match.
Or in the output of iptables --help:
[!] --out-interface -o output name[+] network interface name ([+] for wildcard)
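
An added example, not part of the original question or answer: a shell helper that prints the mangle-table NFQUEUE rule for a given direction and rejects the chain and flag combinations that the manual excerpt above rules out. The function name nfqueue_rule is hypothetical; eth0 and queue 10 come from the question, and the commands are only printed, not executed.

```shell
#!/bin/sh
# nfqueue_rule CHAIN DIRECTION IFACE QUEUE  (hypothetical helper name)
# Prints the iptables command that queues packets to NFQUEUE, or fails when
# the interface match is not valid in that chain according to the man page.
nfqueue_rule() {
    chain=$1 dir=$2 iface=$3 queue=$4

    # Chain lists are taken from the -i / -o descriptions in iptables(8).
    case "$dir" in
        in)  flag=-i; valid="INPUT FORWARD PREROUTING" ;;
        out) flag=-o; valid="FORWARD OUTPUT POSTROUTING" ;;
        *)   echo "direction must be 'in' or 'out'" >&2; return 2 ;;
    esac

    # Reject e.g. "-i" in POSTROUTING, the error described in the question.
    case " $valid " in
        *" $chain "*) ;;
        *) echo "$flag is not valid in $chain (allowed: $valid)" >&2
           return 1 ;;
    esac

    # NFQUEUE queue numbers are 16-bit: 0..65535.
    case "$queue" in
        ''|*[!0-9]*) echo "queue number must be numeric" >&2; return 2 ;;
    esac
    if [ "$queue" -gt 65535 ]; then
        echo "queue number out of range (0-65535)" >&2
        return 2
    fi

    printf 'iptables -t mangle -A %s %s %s -j NFQUEUE --queue-num %s\n' \
        "$chain" "$flag" "$iface" "$queue"
}

# Outbound counterparts of the rule in the question:
# OUTPUT sees locally generated packets only; POSTROUTING also sees
# forwarded packets leaving through the interface.
nfqueue_rule OUTPUT out eth0 10
nfqueue_rule POSTROUTING out eth0 10
```

If no userspace program is bound to the queue, queued packets are dropped; the NFQUEUE target's --queue-bypass option lets them continue through the chain instead.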