Konstantin Ushakov a écrit :
What about the REJECT target ?
Correct me if I'm mistaken, but REJECT target is only valid in filter
table.
Correct.
But the packet does not reach filter table because of reasons
described by Patric (as we DROP it after mangle).
Im meant to use the REJECT target /instead of/ an "unreachable" routing
rule.
Remove
ip rule add from all fwmark 0xb lookup 99 unreachable prio 40000
And add
iptables -t filter -A OUTPUT -m mark --mark 0xb \
-j REJECT --rejected-with icmp-net-unreachable
-
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
