Книга: Iptables Tutorial 1.2.2

Dscp match

This match is used to match on packets based on their DSCP (Differentiated Services Code Point) field. This is documented in the RFC 2638 - A Two-bit Differentiated Services Architecture for the Internet RFC. The match is explicitly loaded by specifying -m dscp. The match can take two mutually exclusive options, described below.

Table 10-13. Dscp match options

Match --dscp
Kernel 2.5 and 2.6
Example iptables -A INPUT -p tcp -m dscp --dscp 32
Explanation This option takes a DSCP value in either decimal or in hex. If the option value is in decimal, it would be written like 32 or 16, et cetera. If written in hex, it should be prefixed with 0x, like this: 0x20. It can also be inverted by using the ! character, like this: -m dscp ! --dscp 32.
Match --dscp-class
Kernel 2.5 and 2.6
Example iptables -A INPUT -p tcp -m dscp --dscp-class BE
Explanation The --dscp-class match is used to match on the DiffServ class of a packet. The values can be any of the BE, EF, AFxx or CSx classes as specified in the various RFC's. This match can be inverted just the same way as the --dscp option.

Note Please note that the --dscp and --dscp-class options are mutually exclusive and can not be used in conjunction with each other.

