...
- firewall mangle - it gives more control over the criteria to be used to steer traffic, for example, per connection or per packet balancing, etc. For more info on how to use mangle marking see Firewall Marking examples.
- routing rules - a basic set of parameters that can be used to quickly steer traffic. This is the method we are going to use for our example.
It is not recommended to use both methods at the same time or you should know exactly what you are doing. If you really do need to use both mangle and routing rules in the same setup then keep in mind that mangle has higher priority, meaning if the mangle marked traffic can be resolved in the table then route rules will never see this traffic.
Routing Rules
Routing rules allow steering traffic based on basic parameters like a source address, a destination address, or in-interface as well as other parameters.
...
List of all the parameters that can be used by routing rules:
| Property | Description |
|---|---|
| action (drop | lookup | lookup-only-in-table | unreachable) | An action to take on the matching packet:
|
| comment (string) | |
| disabled (yes | no) | The disabled rule is not used. |
| dst-address() | The destination address of the packet to match. |
| interface (string) | Incoming interface to match. |
| min-prefix (integer [0..4294967295]) | Equivalent to Linux IP rule suppress_prefixlength . For example to suppress the default route in the routing decision set the value to 0. |
| routing-mark (string) | Match specific routing mark. |
| src-address (string) | The source address of the packet to match. |
| table (name) | Name of the routing table to use for lookup. |