Re: MARK and CONNMARK

Linux Netfilter discussions
 help / color / mirror / Atom feed

From: Brian <brian@standarduniversal.com.au>
Cc: Mail List - Netfilter <netfilter@vger.kernel.org>
Subject: Re: MARK and CONNMARK
Date: Sat, 19 Jul 2008 00:32:23 +1000	[thread overview]
Message-ID: <4880A977.4040100@standarduniversal.com.au> (raw)
In-Reply-To: <alpine.LNX.1.10.0807170916180.18697@fbirervta.pbzchgretzou.qr>

still I am having some unexpected results

if I do


iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
iptables -t mangle -A POSTROUTING -m mark  --mark 3 -j ACCEPT
iptables -t mangle -A POSTROUTING -o eth41  -j MARK --set-mark 3
iptables -t mangle -A POSTROUTING -j CONNMARK --save-mark

then

iptables -t mangle --list
yields

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
CONNMARK   0    --  anywhere             anywhere            CONNMARK 
restore
ACCEPT     0    --  anywhere             anywhere            MARK match 0x3
MARK       0    --  anywhere             anywhere            MARK set 0x3
CONNMARK   0    --  anywhere             anywhere            CONNMARK save

so it looks like it is ignoring the -o eth41 in the mark statement. It 
appears to be working right, but looks not right...

how can  I see the -o eth41 in the iptables -t mangle --list command or 
can I not



regards

Brian


Jan Engelhardt wrote:
> On Thursday 2008-07-17 08:56, Brian Austin wrote:
>
>   
>> Hi,
>>
>> sorry to hijack the thread a little bit... Just say I want to mark the
>> connections based on the network they are coming from/going to... does this
>> look appropriate?
>>     
>
> See http://dev.medozas.de/NF-Cookbook.txt (item 5) for a cooked 
> approach.
>

next prev parent reply	other threads:[~2008-07-18 14:32 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-07-16  8:46 MARK and CONNMARK Vladislav Kurz
2008-07-16  9:57 ` Jan Engelhardt
2008-07-16 10:33   ` Vladislav Kurz
2008-07-16 10:49     ` Pablo Neira Ayuso
2008-07-16 11:05       ` Vladislav Kurz
2008-07-16 15:09     ` Grant Taylor
2008-07-17  6:56       ` Brian Austin
2008-07-17  7:17         ` Jan Engelhardt
2008-07-18 14:32           ` Brian [this message]
2008-07-18 15:08             ` Grant Taylor

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4880A977.4040100@standarduniversal.com.au \
    --to=brian@standarduniversal.com.au \
    --cc=netfilter@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox