From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Martin A. Brown" <mabrown-lartc@securepipe.com>
Date: Fri, 29 Aug 2003 23:24:52 +0000
Subject: Re: [LARTC] Layer 7 application blocking via tc/iptables?
Message-Id: <marc-lartc-106219954921379@msgid-missing>
List-Id: <lartc.vger.kernel.org>
References: <marc-lartc-106201614032501@msgid-missing>
In-Reply-To: <marc-lartc-106201614032501@msgid-missing>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

 : >  You can place the fwmark on one machine, and then
 : > iptables block it on another if necessary.
 :
 : Can you do that?

No.

 : AFAIK, the fwmark disappears when it leaves the machine.

This is accurate.  The fwmark is metadata and is only available on the box
where the packet has been marked.

-Martin

-- 
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/