MARK used to be limited to the mangle table, but there was no real restriction. References: http://marc.info/?l=netfilter-devel&m=126806510332668&w=2 Signed-off-by: Jan Engelhardt <jengelh@xxxxxxxxxx> --- extensions/libxt_MARK.man | 7 ++++--- 1 files changed, 4 insertions(+), 3 deletions(-) diff --git a/extensions/libxt_MARK.man b/extensions/libxt_MARK.man index 98be812..aaeceb4 100644 --- a/extensions/libxt_MARK.man +++ b/extensions/libxt_MARK.man @@ -1,7 +1,8 @@ This target is used to set the Netfilter mark value associated with the packet. -The target can only be used in the \fBmangle\fR table. It can, for example, be -used in conjunction with routing based on fwmark (needs iproute2). The mark -field is 32 bits wide. +It can, for example, be used in conjunction with routing based on fwmark (needs +iproute2). If you plan on doing so, note that the mark needs to be set in the +PREROUTING chain of the mangle table to affect routing. +The mark field is 32 bits wide. .TP \fB\-\-set\-xmark\fP \fIvalue\fP[\fB/\fP\fImask\fP] Zeroes out the bits given by \fImask\fR and XORs \fIvalue\fR into the packet -- 1.7.0.2 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
