Hello there! > I'd also do like this: > > iptables -t mangle -A to-dsl -p tcp --dport 22 -j MARK --set-mark 1 > iptables -t mangle -A to-dsl -p tcp --dport 22 -j RETURN > > iptables -t mangle -A to-dsl -p tcp --dport 80 -j MARK --set-mark 2 > iptables -t mangle -A to-dsl -p tcp --dport 80 -j RETURN > > etc... > > Otherwise iptables will do the whole "to-dsl" list for every packet. In > your case ot wouldn't matter except for some extra CPU usage. But if you > would like to mark port 80 as bulk-traffic and ACK's as interactive > traffic, then those port 80 ACK's could be marked as bulk which you > wouldn't want it to. Does this behavior also occure when using ipchains? Greetings Nils
