Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
T
T
the_bizzon2018-01-10 22:59:39
linux
the_bizzon, 2018-01-10 22:59:39

Is it possible to catch packets marked in cgroup in mikrotik firewall?

The system has a process added to the cgroup group with the net_cls subsystem in which it is marked with an identifier

cgcreate -g net_cls:dropnet
echo 0x00100001 > /sys/fs/cgroup/net_cls/dropnet/net_cls.classid
cgexec -g net_cls:dropnet firefox

Is it possible to set up a firewall rule on mikrotik so that it blocks marked packets? Or is it impossible in principle?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
D
Dmitry Shitskov, 2018-01-11
@the_bizzon

No, unfortunately it will not be possible to use these labels, since these labels are not transmitted over the network outside the host. They can only be used in iptables on the host. Therefore, you can only drop them there.

Similar questions
B
bituke2021-05-26 10:08:52
How to quickly deploy someone else's django project? 4Reply
S
Sergey Savostin2019-08-31 23:22:43
Real IP from different subnet for VM inside Proxmox? 3Reply
F
Froskyta_12019-09-01 08:21:38
How to add localhost in linux? 1Reply
D
dlinyj2015-04-02 12:31:28
How to create a ppp connection between a Psion PDA and a mint computer (Ubuntu)? 2Reply
L
liks2017-04-03 14:53:27
Explain for thin clients? 3Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question