On Thu, 2012-04-19 at 18:30 +0200, Marco Gaiarin wrote:
> Ok, now that I'm on business with fwmark, I'm testing ifb, as a way to
> do ingress policing based on fwmarks.

You can't. IFB hooks into the interface *before* iptables, so you won't see any marks on the packets.

> Last chance imq. Someone just know if in imq I can use netfilter, so I
> can save some test-time?

Yes, this is your only chance. I've not used IMQ for a long time, but from memory you can choose where to hook it into iptables. Question 4 of the FAQ has further details:

http://linuximq.net/faq.html

The disadvantage is that you'll need to patch your kernel, unfortunately.

As always, the kernel packet flow diagram is very useful:

http://upload.wikimedia.org/wikipedia/commons/3/37/Netfilter-packet-flow.svg

Andy