The advantage of ingress approach

 * egress rules are much more flexible than ingress filters

原本的 ingress 只可 drop packets, 轉成 egress 後可以用上 wait times

# The default is 2

modprobe ifb numifbs=1

# enable ifb interfaces

ip link set dev ifb0 up

# eth0 -> ifb0

tc qdisc add dev eth0 handle ffff: ingress

tc filter add dev eth0 parent ffff: protocol ip u32 match u32 0 0 action mirred egress redirect dev ifb0

# Now, you can apply all the rules you want.