Answer the question
In order to leave comments, you need to log in
Is it possible to catch packets marked in cgroup in mikrotik firewall?
The system has a process added to the cgroup group with the net_cls subsystem in which it is marked with an identifier
cgcreate -g net_cls:dropnet
echo 0x00100001 > /sys/fs/cgroup/net_cls/dropnet/net_cls.classid
cgexec -g net_cls:dropnet firefox
Answer the question
In order to leave comments, you need to log in
No, unfortunately it will not be possible to use these labels, since these labels are not transmitted over the network outside the host. They can only be used in iptables on the host. Therefore, you can only drop them there.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question