* iptables mangle PREROUTING on br0.17
@ 2015-12-14 16:10 Robert Sander
From: Robert Sander @ 2015-12-14 16:10 UTC
To: netfilter
Hi,
I need to add a connection mark on packets that enter the system on a
bridge interface with a VLAN tag.
The network setup looks like:
eth0-\
eth1--\               /-br0.15
eth2----bond0--\     /--br0.16
eth2--/         --br0-----br0.17
         tap0--/     \--br0.18
The rule
iptables -t mangle -A PREROUTING -i br0.17 -j CONNMARK --set-xmark 0x11
does not match the packets incoming on br0.17, no connection mark is
applied. tcpdump -i br0.17 shows incoming packets.
Is it even possible to match with such a nested setup for the interfaces?
Regards
--
Robert Sander
Heinlein Support GmbH
Schwedter Str. 8/9b, 10119 Berlin
http://www.heinlein-support.de