Wednesday, August 16, 2017

per process routing with iptables cgroup

** info

- 50.0.0.0/24 is reachable via the gateway 192.168.58.245, so the selected process should send its traffic through that gateway



1- mark packets from cgroup 0x00000111 and route marked packets via table 7 (named ctable)
$ sudo iptables -t mangle -A OUTPUT -m cgroup --cgroup 0x00000111 -j MARK --set-mark 7
$ echo "7 ctable" | sudo tee -a /etc/iproute2/rt_tables
$ sudo ip rule add fwmark 7 table 7
$ sudo ip route add default via 192.168.58.245 table 7



2- create the net_cls cgroup and give it the classid matched by the iptables rule
$ sudo mkdir /sys/fs/cgroup/net_cls/ctable
$ cd /sys/fs/cgroup/net_cls/ctable/
$ echo 0x00000111 | sudo tee net_cls.classid

3- now add the process that should use the new route, for example a ping process whose pid is 2744
$ echo 2744 | sudo tee tasks

- or move the process back to the root net_cls cgroup, so it no longer uses the new route
$ cd ..
$ echo 2744 | sudo tee tasks
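The three steps above wrapped in reusable functions, as an added example that is not part of the original post. It uses the post's values (classid, mark, table, gateway); the DRY_RUN knob and the /proc/<pid>/cgroup check are my additions, the latter so you can confirm which net_cls cgroup a process is really in before trusting that its traffic is being marked.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: the post's steps wrapped in shell
# functions, plus a check that reads /proc/<pid>/cgroup to confirm which
# net_cls cgroup a process is actually in. Values are the post's; the
# DRY_RUN knob (assumed) prints privileged commands instead of running them.
set -eu

CLASSID=0x00000111           # net_cls classid matched by the iptables rule
MARK=7                       # fwmark written by the mangle rule
TABLE=7                      # routing table number
CG_NAME=ctable               # cgroup name and rt_tables alias
GW=192.168.58.245            # gateway used by the alternate table
CG_DIR=/sys/fs/cgroup/net_cls/$CG_NAME

# priv: run one command line as root via sh -c, so that redirections into
# /etc and /sys also happen as root; with DRY_RUN=1 just print the line
priv() {
  if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$1"; else sudo sh -c "$1"; fi
}

# setup: mark traffic from the cgroup and send marked traffic via GW
setup() {
  priv "iptables -t mangle -A OUTPUT -m cgroup --cgroup $CLASSID -j MARK --set-mark $MARK"
  priv "echo '$TABLE $CG_NAME' >> /etc/iproute2/rt_tables"
  priv "ip rule add fwmark $MARK table $TABLE"
  priv "ip route add default via $GW table $TABLE"
  priv "mkdir -p $CG_DIR"
  priv "echo $CLASSID > $CG_DIR/net_cls.classid"
}

# attach: move a pid into the cgroup; detach: move it back to the root cgroup
attach() { priv "echo $1 > $CG_DIR/tasks"; }
detach() { priv "echo $1 > /sys/fs/cgroup/net_cls/tasks"; }

# net_cls_path: given the text of /proc/<pid>/cgroup (cgroup v1 lines look
# like "4:net_cls,net_prio:/ctable"), print the net_cls path, or "-" if the
# process has no net_cls hierarchy at all (e.g. a cgroup v2 only host)
net_cls_path() {
  printf '%s\n' "$1" | awk -F: '
    { n = split($2, c, ","); for (i = 1; i <= n; i++)
        if (c[i] == "net_cls") { print $3; found = 1; exit } }
    END { if (!found) print "-" }'
}

# uses_route: succeed only if live process $1 is in the cgroup that gets marked
uses_route() { [ "$(net_cls_path "$(cat "/proc/$1/cgroup")")" = "/$CG_NAME" ]; }
```

Source the file, run `setup` once, then `attach 2744` / `detach 2744` for the process; `uses_route 2744` tells you whether the pid is currently subject to the mark rule.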
