Hi Eric!

> > iptables -A FORWARD -s $net -m conntrack --proto ftp
> > iptables -A FORWARD -s $net -m conntrack --proto irc
> > iptables -A FORWARD -s $net -m conntrack --proto h323
>
> To do so you can use the connmark module (from iptables pom): the mark
> of the packet is given following the conntrack. It's a bit tricky to use
> (you have to restore the mark) but it does the job.

I take it you are talking about the connmark match. I don't see how you can use that to keep track of the connection. All you can do is match/change packets with a certain mark value. But how do you know what mark value is assigned to packets matched by a specific connection tracking module?

For example, let's say I wanted to match h323 packets. How would I know what MARK value to use?

-- 
Regards
Abraham

Children are like cats, they can tell when you don't like them. That's when they come over and violate your body space.

___________________________________________________
Abraham vd Merwe - Frogfoot Networks CC
9 Kinnaird Court, 33 Main Street, Newlands, 7700
Phone: +27 21 686 1674
Cell: +27 82 565 4451
Http: http://www.frogfoot.net/
Email: abz@xxxxxxxxxxxx