Re: CONNMARK problem

Linux Advanced Routing and Traffic Control

On Friday 24 September 2004 19:28, Tomasz Chilinski wrote:
> On Fri, 24 Sep 2004 20:21:22 +0200, cvok wrote
>
> > Hello everybody.
>
> Hello.
>
> > I think when packet is passing through my POSTROUTING in mangle table
> > it can't match rule 2 or 3, but in the real life it is a little bit
> > different
> >
> > iptables -t mangle -L PREROUTING -v
> > shows following:
> > Chain PREROUTING (policy ACCEPT 16M packets, 4534M bytes)
> >  pkts bytes target     prot opt in     out     source       destination
> >  159K   53M CONNMARK   all  --  any    any     anywhere     anywhere      CONNMARK set 0x0
> >  1090  112K            all  --  any    any     anywhere     anywhere      CONNMARK match 0x5
> >    22  1843            all  --  any    any     anywhere     anywhere      CONNMARK match 0x6
> >
> > I don't know if it is correct, so please tell me if it is normal.
>
> It's normal. CONNMARK target doesn't mean stopping traversing the chain.

You can match the packet again and use -j RETURN so it would "escape" from
the current chain.

(at least I think so ;> )

-- 
.: Jakub Głazik (zytek)
.: email: zytek@xxxxxxxxxxxxxxx
.: JID: zytek@xxxxxxxxxxxxxxxxxxxxxx
.: http://www.misiaj.sie.pl [obsolete]
_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
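
An added example, not part of the original messages and not netfilter code: a simplified Python model of chain traversal showing why per-rule counters keep incrementing after a CONNMARK rule, and how a following `-j RETURN` rule changes that. The port-22 match, the rule layout and the sample packets are constructed assumptions; only the marks 0x5 and 0x6 come from the thread.

```python
"""Simplified model of iptables chain traversal (added example, not netfilter code)."""

# Targets that stop traversal of the current chain. CONNMARK is not among them.
TERMINATING = {"ACCEPT", "DROP", "RETURN"}


class Rule:
    def __init__(self, match, target=None, set_mark=None):
        self.match = match        # predicate over the connection dict
        self.target = target      # None models a rule without -j (counter only)
        self.set_mark = set_mark  # value used by CONNMARK set
        self.pkts = 0             # per-rule packet counter, as in `iptables -L -v`


def traverse(chain, conn):
    """Run one packet of connection `conn` through `chain`, top to bottom."""
    for rule in chain:
        if not rule.match(conn):
            continue
        rule.pkts += 1
        if rule.target == "CONNMARK":
            conn["connmark"] = rule.set_mark  # side effect only, traversal goes on
        elif rule.target in TERMINATING:
            return rule.target
    return "POLICY"  # end of a built-in chain: the chain policy applies


def build_chain(with_return):
    """Constructed rules: mark port-22 flows 0x5, then count marks 0x5 and 0x6."""
    chain = [Rule(lambda c: c["dport"] == 22, "CONNMARK", set_mark=0x5)]
    if with_return:
        # Match the freshly marked packet again and leave the chain.
        chain.append(Rule(lambda c: c["connmark"] == 0x5, "RETURN"))
    chain.append(Rule(lambda c: c["connmark"] == 0x5))  # counter-only rule
    chain.append(Rule(lambda c: c["connmark"] == 0x6))  # counter-only rule
    return chain


def counters(with_return, dports):
    chain = build_chain(with_return)
    for dport in dports:
        traverse(chain, {"dport": dport, "connmark": 0})
    return [rule.pkts for rule in chain]


SAMPLE = [22, 22, 80, 22]  # constructed destination ports

if __name__ == "__main__":
    print(counters(False, SAMPLE), counters(True, SAMPLE))
```

Without the RETURN rule the counter-only 0x5 rule sees every packet the CONNMARK rule just marked; with it, those packets leave the chain before reaching the later rules.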

