type TYPE (default)
-- the type of this rule. The list of valid types was given in the previous subsection.
from PREFIX
-- select the source prefix to match.
to PREFIX
-- select the destination prefix to match.
iif NAME
-- select the incoming device to match. If the interface is loopback, the rule matches only packets originating from this host. This means that you may create separate routing tables for forwarded and local packets and, hence, completely segregate them.
tos TOS or dsfield TOS
-- select the TOS value to match.
fwmark MARK
-- select the fwmark value to match.
priority PREFERENCE
-- the priority of this rule. Each rule should have an explicitly set unique priority value.
NB. Really, for historical reasons ip rule add does not require a priority value and allows them to be non-unique. If the user does not supply a priority, it is selected by the kernel. If the user creates a rule with a priority value that already exists, the kernel does not reject the request; it adds the new rule before all old rules of the same priority. This is a mistake in design, nothing more, and it will be fixed one day, so do not rely on this behaviour. Use explicit priorities.
table TABLEID
-- the routing table identifier to lookup if the rule selector matches.
realms FROM/TO
-- realms to select if the rule matched and the routing table lookup succeeded. Realm TO is only used if the route did not select any realm.
nat ADDRESS
-- the base of the IP address block to translate (for source addresses). The ADDRESS may be either the start of the block of NAT addresses (selected by NAT routes) or, in linux-2.2, a local host address (or even zero). In the latter case the router does not translate the packets but masquerades them to this address; this feature disappeared in 2.4. More about NAT is in Appendix C.
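As an added example (not part of the iproute2 documentation), the following Python script parses `ip rule show` output using the selector keywords listed above and flags the non-unique priorities the NB warns about, which is a useful check before trusting a host's policy routing; the SAMPLE output it reads is constructed.

```python
#!/usr/bin/env python3
"""Audit `ip rule show` output for the priority pitfalls described above.
Added example, not part of iproute2; SAMPLE is constructed and stands in
for the real output of `ip rule show`."""
import re
from collections import Counter

# Selector/action keywords from the rule syntax; `ip rule show` prints the
# table selector as "lookup", which is normalised back to "table" below.
KEYWORDS = {"from", "to", "iif", "tos", "dsfield", "fwmark", "lookup",
            "table", "realms", "nat"}

def parse_rule(line):
    """Parse one `ip rule show` line into {'priority': int, keyword: value}."""
    m = re.match(r"\s*(\d+):\s*(.*)$", line)
    if not m:
        return None
    rule = {"priority": int(m.group(1))}
    tokens = m.group(2).split()
    i = 0
    while i < len(tokens):
        if tokens[i] in KEYWORDS and i + 1 < len(tokens):
            key = "table" if tokens[i] == "lookup" else tokens[i]
            rule[key] = tokens[i + 1]
            i += 2
        else:  # value-less words (e.g. action flags) are skipped
            i += 1
    return rule

def parse_rules(text):
    return [r for r in map(parse_rule, text.splitlines()) if r]

def audit(rules):
    """Return (shared_priorities, repeated_rules) as sorted priority lists.
    Rules sharing a priority are ordered only by insertion time (newest
    first), which no config file reproduces; an exactly repeated rule
    usually means `ip rule add` ran twice without checking first."""
    by_prio = Counter(r["priority"] for r in rules)
    shared = sorted(p for p, n in by_prio.items() if n > 1)
    by_rule = Counter(tuple(sorted(r.items())) for r in rules)
    repeated = sorted(dict(k)["priority"] for k, n in by_rule.items() if n > 1)
    return shared, repeated

SAMPLE = """\
0:\tfrom all lookup local
100:\tfrom 10.1.0.0/16 iif lo lookup 110
100:\tfrom 10.1.0.0/16 lookup 100
200:\tfrom all fwmark 0x1 lookup 200
200:\tfrom all fwmark 0x1 lookup 200
32766:\tfrom all lookup main
32767:\tfrom all lookup default
"""

if __name__ == "__main__":
    shared, repeated = audit(parse_rules(SAMPLE))
    print("priorities shared by several rules:", shared)  # [100, 200]
    print("rules added more than once:", repeated)         # [200]
```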