On Thu, 2003-03-13 at 08:50, Eric Leblond wrote:
> On Wed 12/03/2003 at 22:25, Abraham van der Merwe wrote:
> I wrote a very little howto:
> http://home.regit.org/connmark.html

I just rewrote the mini-howto because I found a better way to do the thing.
The code is now the following:

iptables -A POSTROUTING -t mangle -j CONNMARK --restore-mark
iptables -A POSTROUTING -t mangle -m mark ! --mark 0 -j ACCEPT
iptables -A POSTROUTING -m mark --mark 0 -p tcp --dport 21 -t mangle -j MARK --set-mark 1
iptables -A POSTROUTING -m mark --mark 0 -p tcp --dport 80 -t mangle -j MARK --set-mark 2
iptables -A POSTROUTING -m mark --mark 0 -t mangle -p tcp -j MARK --set-mark 3
iptables -A POSTROUTING -t mangle -j CONNMARK --save-mark

It uses save-mark to convert fwmark into connmark, so all the packets of the
connection get the corresponding mark. More explanation on the site.

-- 
Eric Leblond <eric@xxxxxxxxx>
Regit.org
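
The rule order from the message above, as an added example that is not part of the original post or the howto: a simplified Python model of the chain showing that a reply packet, whose destination port is not 80, still gets the connection's mark 2 instead of the catch-all mark 3. The names Packet, conn_key, classify, postrouting and demo, the dict standing in for conntrack, and all addresses are assumptions made for the illustration.

```python
# Simplified model of the mangle/POSTROUTING rules from the message above.
# Not netfilter code: conntrack is reduced to a dict keyed by a
# direction-independent 5-tuple, and all addresses are constructed samples.
from dataclasses import dataclass

@dataclass
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    mark: int = 0  # fwmark, always 0 when a packet enters the chain

def conn_key(p):
    # Both directions of a flow map to the same conntrack entry.
    return (p.proto, *sorted([(p.src, p.sport), (p.dst, p.dport)]))

# (protocol, destination port or None for any, mark), in rule order.
CLASSIFIERS = [("tcp", 21, 1), ("tcp", 80, 2), ("tcp", None, 3)]

def classify(p):
    # The three MARK rules: MARK does not end traversal, but each rule
    # requires mark 0, so only the first match changes the packet.
    for proto, dport, mark in CLASSIFIERS:
        if p.mark == 0 and p.proto == proto and dport in (None, p.dport):
            p.mark = mark

def postrouting(p, connmarks):
    key = conn_key(p)
    p.mark = connmarks.get(key, 0)   # CONNMARK --restore-mark
    if p.mark != 0:                  # -m mark ! --mark 0 -j ACCEPT
        return p.mark
    classify(p)
    connmarks[key] = p.mark          # CONNMARK --save-mark
    return p.mark

def demo():
    connmarks = {}
    request = Packet("tcp", "10.0.0.5", 40000, "192.0.2.10", 80)
    reply = Packet("tcp", "192.0.2.10", 80, "10.0.0.5", 40000)
    stateless = Packet("tcp", "192.0.2.10", 80, "10.0.0.5", 40000)
    classify(stateless)  # what the MARK rules alone would give the reply
    return (postrouting(request, connmarks),
            postrouting(reply, connmarks), stateless.mark)

if __name__ == "__main__":
    print(demo())
```
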