> I wonder if this is true. Shouldn't one rather use iptables -t mangle -A
> PREROUTING -i eth0 -j IMQ at the end (after the other rules) ? Otherwise
> everyting from eth0 will go right to target IMQ and the other rules are
> never executed, i.e. the desired packets are never marked and all the
> filters are never true ...
The script is ok.
The iptables command registers netfilter hooks. The order you enter the
commands is not important.
For ingress, the imq rules are processed just after the mangle rules. So you
can use the iptable mark when filtering on the imq device. For egress, the
imq rules are matched after all iptables rules.
The packet is only queued in the imq device if it passes all previous rules.
Stef
--
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.oftc.net
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
