Re: [PATCH] Fix CONNMARK mask value demolition


 



Hi

I would not like to create the impression of trying to put any pressure on
this topic, but I recognized that my patch description was maybe a little
bit poor.
In order to make sure the patch is understood correctly, here is the bug
report for which that patch is the fix:

If you use the CONNMARK target, it makes a difference whether you have the -j
option as the last option or before the matches.


iptables -t mangle -N test

This works:
iptables -v -t mangle -I test -m connmark --mark 7 -j CONNMARK --set-mark 0x7/0xf
CONNMARK  all opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  CONNMARK match 0x7 CONNMARK set 0x7/0xf

This does not:
iptables -v -t mangle -I test -j CONNMARK --set-mark 0x7/0xf -m connmark --mark 7
CONNMARK  all opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  CONNMARK match 0x7 CONNMARK set 0x7

In the second call, the CONNMARK mask (0xf) will be eaten.

peter

-- 
:: e n d i a n
:: open source - open minds

:: peter warasin
:: http://www.endian.com   :: peter@xxxxxxxxxx
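
An added regression check for the behaviour reported above (not part of the original mail or of the iptables code): it compares the mask requested with --set-mark against the mask in the echoed rule for the two invocations from the report, and shows what the lost mask does to a constructed existing connmark of 0x123. It assumes that --set-mark value/mask replaces only the bits in the mask and that an omitted mask means all 32 bits; the function names are hypothetical.

```python
import re
import shlex

FULL_MASK = 0xFFFFFFFF  # assumption: an omitted mask means "all 32 bits"


def requested_set_mark(command):
    """Return (value, mask) from the --set-mark argument of an iptables command."""
    argv = shlex.split(command)
    spec = argv[argv.index("--set-mark") + 1]
    value, _, mask = spec.partition("/")
    return int(value, 0), (int(mask, 0) if mask else FULL_MASK)


def echoed_set_mark(verbose_line):
    """Return (value, mask) from the 'CONNMARK set' part of the line iptables -v echoes."""
    m = re.search(r"CONNMARK set (0x[0-9a-fA-F]+)(?:/(0x[0-9a-fA-F]+))?", verbose_line)
    if m is None:
        raise ValueError("no 'CONNMARK set' field in output")
    return int(m.group(1), 16), (int(m.group(2), 16) if m.group(2) else FULL_MASK)


def mask_preserved(command, verbose_line):
    """True when the rule iptables echoed carries the value and mask that were requested."""
    return requested_set_mark(command) == echoed_set_mark(verbose_line)


def apply_set_mark(ctmark, value, mask):
    """Assumed CONNMARK semantics: only the bits covered by mask are replaced."""
    return (ctmark & ~mask & FULL_MASK) | value


# The two invocations from the report, with their echoed lines joined back up.
ECHO = "CONNMARK  all opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  CONNMARK match 0x7 "
GOOD_CMD = "iptables -v -t mangle -I test -m connmark --mark 7 -j CONNMARK --set-mark 0x7/0xf"
GOOD_OUT = ECHO + "CONNMARK set 0x7/0xf"
BAD_CMD = "iptables -v -t mangle -I test -j CONNMARK --set-mark 0x7/0xf -m connmark --mark 7"
BAD_OUT = ECHO + "CONNMARK set 0x7"

if __name__ == "__main__":
    for cmd, out in ((GOOD_CMD, GOOD_OUT), (BAD_CMD, BAD_OUT)):
        value, mask = echoed_set_mark(out)
        # Constructed connmark: bits 0x120 stand for state owned by other rules.
        after = apply_set_mark(0x123, value, mask)
        print(f"mask kept: {mask_preserved(cmd, out)}  connmark 0x123 -> {after:#x}")
```

With the mask lost, the rule rewrites the whole connection mark, so bits that other rules keep in the same mark are cleared.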

