Hi Mr Dumazet and Mr Engelhardt, 2010/5/26 Eric Dumazet <eric.dumazet@xxxxxxxxx>: >> nth uses modulus, otherwise you can't get the "every Nth" semantic. :-) >> >> (It should have been: --mode nth --every N --packet I) > > not exactly :) > > It should be --mode nth --every N-I --packet I > > (first rule consume one packet out of 48, then second rule consume one > packet out of 47, ... Great, thanks. Just so I can understand it right, the 49th new connection will be handled by the first rule, right? One last thing, mr. Engelhardt: Why did you suggest the "--tproxy-mark I/0xff" part on the first email? Why can't I let the old "--tproxy-mark 0x1/0x1"? Please correct me if I'm wrong, but I don't think the tproxy-mark is needed for your script to work (since the packet was marked with $I on the rule above with CONNMARK. Or is it? :-) Cheers, Felipe Damasio -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
