On Wednesday 05 October 2005 18:30, Sean Dwyer wrote: > Near the end of section 15.10, the following commands are shown for prioritizing SYN packets: > > iptables -t mangle -I PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 0x1 > iptables -t mangle -I PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN > > Shouldn't the "-I" option really be "-A"? Like so: > > iptables -t mangle -A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 0x1 > iptables -t mangle -A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN > > Won't using "-I" cause these entries to be inserted at the top of the chain, putting the RETURN > before the MARK is set? Maybe I'm missing something. Does anybody who maintains lartc.org read this mailing list? _______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
