Hi!

I'm trying to exclude some IP ranges from my traffic filter; for that I mark the packets in PRE-/POST-ROUTING. If I mark them straight ahead it works, but if I want to do that in a user chain I get the message that userchain.so can't be loaded.

iptables -N capped_in
iptables -N capped_out

# put all incoming traffic to IMQ
iptables -t mangle -A PREROUTING -i eth0 -j IMQ

# mark all packets which need to be capped
iptables -t mangle -A PREROUTING -i eth0 -d xxx.xxx.xxx.141 -s ! xxx.xxx.xxx.0/24 -j capped_in
iptables -A capped_in -s yyy.yyy.yyy.0/27 -j RETURN
iptables -A capped_in -j MARK --set-mark 2

# now the outgoing traffic
iptables -t mangle -A POSTROUTING -o eth0 -s xxx.xxx.xxx.141 -d ! xxx.xxx.xxx.0/24 -j capped_out
iptables -A capped_out -s yyy.yyy.yyy.0/27 -j RETURN
iptables -A capped_out -j MARK --set-mark 1

Can anyone tell me how I can achieve this?

thx

--
Regards, Robert
----------------
Robert Penz
robert.penz@outertech.com

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/