Re: iptables post/pre routing problem

Linux Advanced Routing and Traffic Control


Hi Robert,

Robert Penz wrote:

> Hi!
> 
> I'm trying to exclude some ip ranges from my traffic filter, for that I mark 
> the packets in PRE-/POST-ROUTING.
> 
> If I mark them straight ahead it works, but if I want to do that in a user 
> chain I get the message that userchain.so can't be loaded.
> 
> iptables -N capped_in
> iptables -N capped_out
> 
> # put all incoming traffic to IMQ
> iptables -t mangle -A PREROUTING -i eth0 -j IMQ
> # mark all packets which need to be capped
> iptables -t mangle -A PREROUTING -i eth0 -d xxx.xxx.xxx.141 -s ! xxx.xxx.xxx.0/24 -j capped_in
>        iptables -A capped_in -s yyy.yyy.yyy.0/27 -j RETURN
>        iptables -A capped_in -j MARK --set-mark 2
> 
> # now the outgoing traffic
> iptables -t mangle -A POSTROUTING -o eth0 -s xxx.xxx.xxx.141 -d ! xxx.xxx.xxx.0/24 -j capped_out
>        iptables -A capped_out -s yyy.yyy.yyy.0/27 -j RETURN
>        iptables -A capped_out -j MARK --set-mark 1
> 
> Can anyone tell me how I can achieve this? thx


Did you try -t mangle -A capped_in/out ?
Your chains were created in the mangle table, so they can only be called 
from within mangle.

Bye,

Patrick



_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
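
Added example, not part of the original thread: a small lint for the table mismatch discussed above. An iptables command without -t acts on the filter table, so the check records which table each -N created a chain in and reports any -A or -j that refers to that chain from a different table. The addresses are constructed placeholders for the masked ones in the post, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample: the rules as posted, with documentation addresses
# standing in for the masked xxx/yyy values.
posted_rules() {
cat <<'EOF'
iptables -N capped_in
iptables -N capped_out
iptables -t mangle -A PREROUTING -i eth0 -j IMQ
iptables -t mangle -A PREROUTING -i eth0 -d 192.0.2.141 -s ! 192.0.2.0/24 -j capped_in
iptables -A capped_in -s 198.51.100.0/27 -j RETURN
iptables -A capped_in -j MARK --set-mark 2
iptables -t mangle -A POSTROUTING -o eth0 -s 192.0.2.141 -d ! 192.0.2.0/24 -j capped_out
iptables -A capped_out -s 198.51.100.0/27 -j RETURN
iptables -A capped_out -j MARK --set-mark 1
EOF
}

# Same rules with "-t mangle" added to every -N and -A that lacks it,
# so the user chains are created and filled in the table that jumps to them.
corrected_rules() {
    posted_rules | sed 's/^iptables -\([NA]\) /iptables -t mangle -\1 /'
}

# Reads iptables commands on stdin, in order. Prints one finding for each
# -A or -j that names a user chain not yet created in the same table.
check_chain_tables() {
    awk '
    $1 == "iptables" {
        table = "filter"; made = ""; appended = ""; target = ""
        for (i = 2; i <= NF; i++) {
            if ($i == "-t") table = $(i + 1)
            else if ($i == "-N") made = $(i + 1)
            else if ($i == "-A") appended = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        if (made != "") { created[table "/" made] = 1; user[made] = 1; next }
        key = table "/" appended
        if ((appended in user) && !(key in created))
            printf "line %d: -A %s: chain not created in table %s\n", NR, appended, table
        key = table "/" target
        if ((target in user) && !(key in created))
            printf "line %d: -j %s: chain not created in table %s\n", NR, target, table
    }'
}

echo "posted rules:";    posted_rules    | check_chain_tables
echo "corrected rules:"; corrected_rules | check_chain_tables
```
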
