Hello Alejandro,

The MARK target always returns a CONTINUE verdict internally, so the packet will be matching the next rule as well. You may append another rule that either RETURNs or ACCEPTs the packet.

Regards,
Padam

Alejandro Ramos Encinosa wrote:
> Hi all!!
>
> I was trying to figure out how iptables marks work. I thought that a packet could just be marked once into a chain (if the packet matches the criteria, then the action is applied, and that's all for the packet into this chain), but I was wrong: I did
>
>     iptables -t mangle -A INPUT -i eth0 -j MARK --set-mark 7
>     iptables -t mangle -A INPUT -i eth0 -j MARK --set-mark 8
>
> and then I did `iptables -t mangle -L -x -v' and I got
>
>     Chain INPUT (policy ACCEPT 9565560 packets, 4954706655 bytes)
>     pkts bytes target prot opt in out source destination
>     45 31630 MARK 0 -- eth0 any anywhere anywhere MARK set 0x7
>     45 31630 MARK 0 -- eth0 any anywhere anywhere MARK set 0x8
>
> Can someone tell me how can I be sure one packet will just be marked once into the chain?

_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
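
The behaviour discussed in this thread, as an added example that is not part of either message: a simplified Python model of one chain in which MARK is non-terminating and ACCEPT/RETURN end traversal. The `Rule` class, the function names and the 45-packet input are constructed for illustration; only matching on `-i` is modelled.

```python
from dataclasses import dataclass

# Simplified model of one iptables chain (an assumption of this example):
# rules are tried in order; MARK sets the mark and traversal continues,
# while ACCEPT and RETURN end traversal of the chain.
TERMINATING = {"ACCEPT", "RETURN"}

@dataclass
class Rule:
    in_iface: str          # value of -i
    target: str            # MARK, ACCEPT or RETURN
    set_mark: int = 0      # only used by MARK (--set-mark)
    pkts: int = 0          # per-rule packet counter, as shown by -L -v

def traverse(chain, in_iface):
    """Run one packet through the chain and return its final mark."""
    mark = 0
    for rule in chain:
        if rule.in_iface != in_iface:
            continue
        rule.pkts += 1
        if rule.target == "MARK":
            mark = rule.set_mark   # non-terminating: fall through to next rule
        elif rule.target in TERMINATING:
            break
    return mark

def run(chain, packets):
    """Send packets (a list of input interfaces) through the chain.

    Returns (final mark of each packet, per-rule packet counters)."""
    marks = [traverse(chain, iface) for iface in packets]
    return marks, [r.pkts for r in chain]

def original_chain():
    # The two rules from the question.
    return [Rule("eth0", "MARK", 7), Rule("eth0", "MARK", 8)]

def fixed_chain():
    # Same rules with an ACCEPT appended after the first MARK, as the reply suggests.
    return [Rule("eth0", "MARK", 7), Rule("eth0", "ACCEPT"), Rule("eth0", "MARK", 8)]

if __name__ == "__main__":
    packets = ["eth0"] * 45        # constructed input: 45 packets arriving on eth0
    print(run(original_chain(), packets))
    print(run(fixed_chain(), packets))
```

With the original two rules both counters advance for every packet and the last mark wins; with the terminating rule in place the second MARK rule is never reached for eth0 traffic.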