Re: Help: Cycle through iptables rules

On Wednesday 2010-05-26 21:01, Felipe W Damasio wrote:
>
>2010/5/26 Jan Engelhardt <jengelh@xxxxxxxxxx>:
>> -A PREROUTING -m conntrack --ctstate NEW -j extrachain
>> for (I = 0; I < N; ++I)
>>        -A extrachain -m statistic --mode nth --every I \
>>                -j CONNMARK --set-mark I
>> for (I = 0; I < N; ++I)
>>        -A PREROUTING -m connmark --mark I -j TPROXY \
>>                --tproxy-mark I/0xff --on-port I+3127
>
>  You mean do this using:
>
>N=48 (or whatever number of http_port we're using)
>
>  So we create 48 rules using this setup?

Since there are two loops to be done, it would be 96 rules in total.

>  I can see why it'll work on the first 48 packets (one for each
>rule), but what happens on the 49th new connection? It'll go on the
>first rule again?

Oh that reminds me of - "The Bible says we're supposed to work six days 
and rest on the seventh. But where is it written that we should start 
working again on the eighth?"

nth uses modulus, otherwise you can't get the "every Nth" semantic. :-)

(It should have been: --mode nth --every N --packet I)
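To make the rule set concrete, here is an added example (not code from the original thread or from the netfilter project) that emits the rules sketched above as plain text, using the corrected `--mode nth --every N --packet I` form. Nothing is loaded into the kernel, so it runs unprivileged; the chain name `extrachain` and the base port 3127 come from the thread, while the function names and the rule-counting helper are assumptions of this example. The `mark_for_connection` helper spells out the modulus behaviour Jan describes: with N=48 the 49th new connection (index 48) wraps back to the first rule and gets mark 0.

```shell
#!/bin/sh
# Added example, not from the original thread: print the PREROUTING /
# extrachain rules for N ports without touching the running firewall.

BASE_PORT=3127   # first http_port, taken from the thread (I+3127)

# gen_rules N: emit one jump rule plus 2*N rules, i.e. the "96 rules in
# total" for N=48 that the reply mentions, plus the jump into extrachain.
gen_rules() {
    n=$1
    printf '%s\n' "-A PREROUTING -m conntrack --ctstate NEW -j extrachain"
    i=0
    while [ "$i" -lt "$n" ]; do
        # statistic/nth keeps a per-rule packet counter; rule I fires on
        # packets whose counter is congruent to I modulo N. CONNMARK is a
        # non-terminating target, so every rule sees every NEW packet and
        # the counters stay aligned.
        printf '%s\n' "-A extrachain -m statistic --mode nth --every $n --packet $i -j CONNMARK --set-mark $i"
        i=$((i + 1))
    done
    i=0
    while [ "$i" -lt "$n" ]; do
        # Second loop: steer each connmark to its own TPROXY port.
        printf '%s\n' "-A PREROUTING -m connmark --mark $i -j TPROXY --tproxy-mark $i/0xff --on-port $((BASE_PORT + i))"
        i=$((i + 1))
    done
}

# rule_count N: number of lines gen_rules emits (1 + 2*N).
rule_count() {
    gen_rules "$1" | wc -l | tr -d ' '
}

# mark_for_connection K N: connmark the K-th NEW connection (0-based)
# receives. nth uses a modulus, so K=48 with N=48 maps to mark 0 again
# instead of falling off the end of the chain.
mark_for_connection() {
    echo $(( $1 % $2 ))
}

# Usage: review the output before feeding it to iptables.
#   gen_rules 48
```

Run `gen_rules 48` and review the output before loading it; `--packet` is the 0-based position within each group of `--every N` packets, so the two values must satisfy `I < N`, which the loop guarantees.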