Re: Marking packets: order is important?

All of lore.kernel.org
 help / color / mirror / Atom feed

From: George Alexandru Dragoi <waruiinu@gmail.com>
To: netfilter@lists.netfilter.org
Subject: Re: Marking packets: order is important?
Date: Thu, 16 Sep 2004 11:58:39 +0300	[thread overview]
Message-ID: <3063e5040916015858fe42d0@mail.gmail.com> (raw)
In-Reply-To: <086C43C9A9A1A541BFDFABCFDA05F589028E413B@mailnew.tecnun.es>

Yes, as the comments say, the first rule just make sure everything
gets marked with 23, unless the packets also match the next rules, and
they are marked again. the MARK target does not stop the packets
"walking" throught the chain, only DROP, ACCEPT, RETURN and others,
but these 3 are most used.

On Thu, 16 Sep 2004 10:51:16 +0200, Arrizabalaga, Saioa
<sarrizabalaga@ceit.es> wrote:
> 
> I am analysing the script written in the ADSL-Bandwith-Management-HOWTO
> I found in www.tldp.org.
> 
> It marks all the packets depending on the ports they use, for example:
> 
> iptables -t mangle -A MYSHAPER-OUT -p tcp --dport 0:1024 \
> -j MARK --set-mark 23     # Default for low port traffic
> iptables -t mangle -A MYSHAPER-OUT -p tcp --dport 20 \
> -j MARK --set-mark 26     # ftp-data port, low prio
> 
> But as far as I can see, the packet that matches the second rule,
> matches the first rule as well, so, I guess that when this packet is
> marked by the first rule (--set-mark 23), follows the chain, sees that
> it also matches the second rule and then it is marked again with the new
> value(--set-mark 26).
> 
> I would like someone to confirm this. If all this is true, the most
> specific rules should be placed at the end, am I right?
> 
> Regards,
> 
> Saioa Arrizabalaga
> 
> 

-- 
Bla bla

next prev parent reply	other threads:[~2004-09-16  8:58 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2004-09-16  8:51 Marking packets: order is important? Arrizabalaga, Saioa
2004-09-16  8:58 ` George Alexandru Dragoi [this message]
2004-09-16 16:14 ` Jose Maria Lopez

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=3063e5040916015858fe42d0@mail.gmail.com \
    --to=waruiinu@gmail.com \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.