From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Phil Sutter <phil@nwl.cc>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [iptables PATCH] doc: libxt_MARK: OUTPUT chain is fine, too
Date: Tue, 26 May 2020 19:00:50 +0200
Message-ID: <20200526170050.GA16695@salvia>
In-Reply-To: <20200519230822.15290-1-phil@nwl.cc>

On Wed, May 20, 2020 at 01:08:22AM +0200, Phil Sutter wrote:
> In order to route packets originating from the host itself based on
> fwmark, mangle table's OUTPUT chain must be used. Mention this chain as
> alternative to PREROUTING.
>
> Fixes: c9be7f153f7bf ("doc: libxt_MARK: no longer restricted to mangle table")
> Signed-off-by: Phil Sutter <phil@nwl.cc>
> ---
> extensions/libxt_MARK.man | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/extensions/libxt_MARK.man b/extensions/libxt_MARK.man
> index 712fb76f7340c..b2408597e98f1 100644
> --- a/extensions/libxt_MARK.man
> +++ b/extensions/libxt_MARK.man
> @@ -1,7 +1,7 @@
> This target is used to set the Netfilter mark value associated with the packet.
> It can, for example, be used in conjunction with routing based on fwmark (needs
> -iproute2). If you plan on doing so, note that the mark needs to be set in the
> -PREROUTING chain of the mangle table to affect routing.
> +iproute2). If you plan on doing so, note that the mark needs to be set in
> +either the PREROUTING or the OUTPUT chain of the mangle table to affect routing.
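Review bot: the new sentence on the two `+` lines says the mark can be set in "either the PREROUTING or the OUTPUT chain" but gives the reader no way to choose between them; the commit message has the reason (OUTPUT is needed for packets originating from the host itself) and the man page text should carry it too. Suggested wording: "in the PREROUTING chain or, for packets originating from the host itself, in the OUTPUT chain of the mangle table". Since the Fixes: subject says the target is no longer restricted to the mangle table, it would also help to state explicitly that the OUTPUT chain of other tables is not what is meant here.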

You have two choices:

* Set the mark in the filter OUTPUT chain => it does not affect routing.
* Set the mark in the mangle OUTPUT chain => it _does_ affect routing.

Are we on the same page?

Thread overview: 4+ messages
2020-05-19 23:08 [iptables PATCH] doc: libxt_MARK: OUTPUT chain is fine, too Phil Sutter
2020-05-26 17:00 ` Pablo Neira Ayuso [this message]
2020-05-26 17:05 ` Pablo Neira Ayuso
2020-05-27 15:17 ` Phil Sutter