I have many iptables setmark commands, but as soon as there is one match, I would like to skip all the rest. How to do this. -------not-working-not-mark-zero-is-not-accepted--------- iptables -t mangle -A PREROUTING ..... -j MARK --set-mark ..... iptables -t mangle -A PREROUTING -m MARK ! --mark 0 -j ACCEPT iptables -t mangle -A PREROUTING ..... -j MARK --set-mark ..... iptables -t mangle -A PREROUTING -m MARK ! --mark 0 -j ACCEPT iptables -t mangle -A PREROUTING ..... -j MARK --set-mark ..... --------------------end----------------------------------- Since it is not working, I change it to :- Assuming I have AND-ed all the mark together to obtain the MASK, iptables -t mangle -A PREROUTING ..... -j MARK --set-mark ..... iptables -t mangle -A PREROUTING -m MARK ! --mark MASK/MARK -j ACCEPT iptables -t mangle -A PREROUTING ..... -j MARK --set-mark ..... iptables -t mangle -A PREROUTING -m MARK ! --mark MASK/MARK -j ACCEPT iptables -t mangle -A PREROUTING ..... -j MARK --set-mark ..... Wonder if it will work ? My next question is should I use -j ACCEPT or -j RETURN ? _______________________________________________ LARTC mailing list / LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
