From mboxrd@z Thu Jan 1 00:00:00 1970
From: "lartc@manchotnetworks.net"
Date: Sat, 19 Jul 2003 07:45:07 +0000
Subject: Re: [LARTC] OUTPUT chain marking after or before routing?
Message-Id:
List-Id:
References:
In-Reply-To:
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

Hello Martin,

Thanks very much for your explanation.

> So, locally generated packets marked in the OUTPUT chain have already been
> routed.

This is really quite sad, isn't it? I was attempting the following for
locally generated packets:

iptables --append OUTPUT --table mangle --match owner \
    --uid-owner 500 --jump MARK --set-mark 0x5
ip rule add fwmark 0x5 table 5; etc ...

By matching the process uid or gid, I was counting on being able to policy
route based on who was asking -- quite a neat solution actually.

ip rule doesn't allow matching a uid/gid, and from your explanation, it
would be hard to imagine.

I don't suppose you have a way around this??

Cheers

Charles

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/