From mboxrd@z Thu Jan  1 00:00:00 1970
From: Andy Furniss <andy.furniss@dsl.pipex.com>
Date: Sun, 09 Oct 2005 01:02:28 +0000
Subject: Re: [LARTC] Error in "15.10 Example of full nat solution with QoS"?
Message-Id: <43486C24.5050507@dsl.pipex.com>
List-Id: <lartc.vger.kernel.org>
References: <91740-22005104613054248@earnware.com>
In-Reply-To: <91740-22005104613054248@earnware.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

Sean Dwyer wrote:
> On Wednesday 05 October 2005 18:30, Sean Dwyer wrote:
> 
>>Near the end of section 15.10, the following commands are shown for prioritizing SYN packets:
>>
>>  iptables -t mangle -I PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 0x1
>>  iptables -t mangle -I PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN
>>
>>Shouldn't the "-I" option really be "-A"? Like so:
>>
>>  iptables -t mangle -A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 0x1
>>  iptables -t mangle -A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN
>>
>>Won't using "-I" cause these entries to be inserted at the top of the chain, putting the RETURN
>>before the MARK is set? Maybe I'm missing something.
> 
> 
> Does anybody who maintains lartc.org read this mailing list?

I doubt if Bert reads every or maybe any post - I agree about the -I 
being wrong. The LARTC hasn't been changed for a while but will be 
someday I guess. There is going to be a wiki soon - there is already a 
new one for Linux-net http://linux-net.osdl.org/ .

Andy.
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc