{"id":5373,"date":"2021-12-29T15:21:34","date_gmt":"2021-12-29T23:21:34","guid":{"rendered":"https:\/\/www.xh86.me\/?p=5373"},"modified":"2021-12-29T15:21:34","modified_gmt":"2021-12-29T23:21:34","slug":"ros-firewall-mangle%e6%a0%87%e8%ae%b0","status":"publish","type":"post","link":"https:\/\/www.xh86.me\/?p=5373","title":{"rendered":"ROS Firewall\u2014Mangle\u6807\u8bb0"},"content":{"rendered":"<div id=\"cnblogs_post_body\" class=\"blogpost-body blogpost-body-html\">\n<p>\u4e00\u3001Mangle rule\u4e00\u5171\u67095\u4e2a\u7cfb\u7edf\u81ea\u5e26\u7684chain\u94fe\u8868\uff1a<\/p>\n<p>1\u3001Forward\uff1a\u8f6c\u53d1<\/p>\n<p>2\u3001Prorouting\uff1a\u8def\u7531\u4e4b\u524d<\/p>\n<p>3\u3001Input\uff1a\u8fdb\u5165\u8def\u7531<\/p>\n<p>4\u3001Output\uff1a\u4ece\u8def\u7531\u51fa\u53bb<\/p>\n<p>5\u3001Postrouting\uff1a\u8def\u7531\u4e4b\u540e<\/p>\n<p>\u4e8c\u3001\u6807\u8bb0\uff1aIP \u2014\u2014 Firewall \u2014\u2014 Mangle \u2014\u2014 \u70b9\u51fb\u52a0\u53f7<\/p>\n<p>1\u3001\u7528ADSL\u62e8\u53f7\u4e0a\u7f51\uff08\u6539\u53d8MSS\uff1a\u6700\u5927\u53d1\u9001\u5355\u5143 \uff09\u7684\u6807\u8bb0\uff1a<\/p>\n<p>\uff08General \u2014\u2014 chain\uff1aforward \u2014\u2014 Protocol\uff1a6 (tcp)\uff09<\/p>\n<p>\uff08Advanced \u2014\u2014 TCP Flags\uff1asyn\uff09<\/p>\n<p>\uff08Action \u2014\u2014 Action\uff1achange MSS \u2014\u2014 New TCP MSS\uff1a1440\uff09<\/p>\n<p>2\u3001\u6807\u8bb0\u4e0b\u884c\u6d41\u91cf\uff08\u4e0b\u8f7d\uff09\uff1a<\/p>\n<p>\uff08General \u2014\u2014 Chain\uff1aprerouting \u2014\u2014 In.Interface\uff1a\u9009\u62e9\u5916\u7f51\u63a5\u53e3\uff09<\/p>\n<p>\uff08Action \u2014\u2014 Action\uff1amark packet \u2014\u2014 New Packet Mark\uff1adown-pack \u2014\u2014 \u53d6\u6d88\u52fe\u9009Passthrough\uff0c\u4e0d\u7ee7\u7eed\u653e\u884c\uff09<\/p>\n<p>3\u3001\u6807\u8bb0\u4e0a\u884c\u6d41\u91cf\uff08\u4e0a\u4f20\uff09<\/p>\n<p>\uff08General \u2014\u2014 Chain\uff1aforward \u2014\u2014 In.Interface\uff1a\u9009\u62e9\u5916\u7f51\u63a5\u53e3\uff09<\/p>\n<p>\uff08Action \u2014\u2014 Action\uff1amark packet \u2014\u2014 New Packet Mark\uff1aup-pack \u2014\u2014 \u53d6\u6d88\u52fe\u9009Passthrough\uff0c\u4e0d\u7ee7\u7eed\u653e\u884c\uff09<\/p>\n<p>4\u3001\u6807\u8bb0\u7aef\u53e3\uff1a<\/p>\n<p>\uff08General \u2014\u2014 Chain\uff1aprerouting \u2014\u2014 Protocol\uff1a 6 (tcp) \u2014\u2014 Dst.Port\uff1a80\uff09<\/p>\n<p>\uff08Action \u2014\u2014 Action\uff1amark connection\uff08\u6807\u8bb0\u8fde\u63a5\uff09 \u2014\u2014 New Connrction Mark\uff1aweb-conn(\u547d\u540d\u4e3aweb-conn)\uff09<\/p>\n<p>\uff08General \u2014\u2014 Chain\uff1aprerouting \u2014\u2014 Connection\uff1aweb-conn\uff09<\/p>\n<p>\uff08Action \u2014\u2014 Action\uff1amark packet \u2014\u2014\u00a0New Packet Mark\uff1aweb-pack\uff09<\/p>\n<\/div>\n<div class=\"clear\"><\/div>\n<div id=\"blog_post_info_block\"><\/div>\n","protected":false},"excerpt":{"rendered":"<p>\u4e00\u3001Mangle rule\u4e00\u5171\u67095\u4e2a\u7cfb\u7edf\u81ea\u5e26\u7684chain\u94fe\u8868\uff1a 1\u3001Forward\uff1a\u8f6c\u53d1 2\u3001Prorouti [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[],"class_list":["post-5373","post","type-post","status-publish","format-standard","hentry","category-mikrotik"],"_links":{"self":[{"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/posts\/5373","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.xh86.me\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5373"}],"version-history":[{"count":1,"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/posts\/5373\/revisions"}],"predecessor-version":[{"id":5374,"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/posts\/5373\/revisions\/5374"}],"wp:attachment":[{"href":"https:\/\/www.xh86.me\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5373"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.xh86.me\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5373"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.xh86.me\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5373"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}