From: Eric Leblond
Date: Tue, 18 Mar 2003 11:26:55 +0000
Subject: Re: [LARTC] matching ftp - how?
To: lartc@vger.kernel.org

On Thu, 2003-03-13 at 08:50, Eric Leblond wrote:
> On Wed 12/03/2003 at 22:25, Abraham van der Merwe wrote:
> I wrote a very little howto :
> http://home.regit.org/connmark.html

I just rewrote the mini-howto because I found a better way to do the thing. The code is now the following:

iptables -A POSTROUTING -t mangle -j CONNMARK --restore-mark
iptables -A POSTROUTING -t mangle -m mark ! --mark 0 -j ACCEPT
iptables -A POSTROUTING -m mark --mark 0 -p tcp --dport 21 -t mangle -j MARK --set-mark 1
iptables -A POSTROUTING -m mark --mark 0 -p tcp --dport 80 -t mangle -j MARK --set-mark 2
iptables -A POSTROUTING -m mark --mark 0 -t mangle -p tcp -j MARK --set-mark 3
iptables -A POSTROUTING -t mangle -j CONNMARK --save-mark

It uses save-mark to convert fwmark into connmark, so all the packets of the connection get the corresponding mark. More explanation on the site.

-- 
Eric Leblond
Regit.org
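The rule order in the message above, modelled in Python as an added example (not part of the original post or the howto), to show why a reply packet whose destination port is not 21 still ends up with mark 1. The addresses, ports and the direction-independent connection key are constructed assumptions standing in for conntrack.

```python
from dataclasses import dataclass

@dataclass
class Packet:
    src: tuple          # (ip, port), constructed sample values
    dst: tuple
    proto: str = "tcp"
    mark: int = 0       # fwmark; every packet enters the chain with 0

    @property
    def conn(self):
        # Assumption: conntrack lookup modelled as a direction-independent key
        return (self.proto, frozenset((self.src, self.dst)))

def port_rules(pkt):
    """Rules 3-5: MARK does not end traversal, hence the --mark 0 guards."""
    if pkt.mark == 0 and pkt.proto == "tcp" and pkt.dst[1] == 21:
        pkt.mark = 1
    if pkt.mark == 0 and pkt.proto == "tcp" and pkt.dst[1] == 80:
        pkt.mark = 2
    if pkt.mark == 0 and pkt.proto == "tcp":
        pkt.mark = 3
    return pkt.mark

def postrouting(pkt, connmarks):
    """All six rules in order; connmarks maps connection -> connmark."""
    pkt.mark = connmarks.get(pkt.conn, 0)    # rule 1: CONNMARK --restore-mark
    if pkt.mark != 0:                        # rule 2: ! --mark 0 -j ACCEPT
        return pkt.mark
    port_rules(pkt)                          # rules 3-5: classify by port
    connmarks[pkt.conn] = pkt.mark           # rule 6: CONNMARK --save-mark
    return pkt.mark

def demo():
    client, server = ("10.0.0.2", 40000), ("192.0.2.10", 21)
    connmarks = {}
    first = postrouting(Packet(client, server), connmarks)   # dport 21
    reply = postrouting(Packet(server, client), connmarks)   # dport 40000
    reply_no_connmark = port_rules(Packet(server, client))   # rules 3-5 only
    return first, reply, reply_no_connmark

if __name__ == "__main__":
    print(demo())
```

Without the restore/save pair, the reply falls through to the catch-all TCP rule and is marked 3; with it, the mark chosen for the first packet is reused for the whole connection.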