On Friday 2010-07-16 15:10, Luciano Coelho wrote:
>> > There is one problem with this solution, which is that it works in a
>> > per-connection basis (due to CONNMARK). This is not exactly what I
>> > want. I need to have this on a per-ruleset basis. For that, I need to
>> > have a MARK (variable?) which can be set independently of connections or
>> > packets. This is similar to the proposed condition match, but what is
>> > missing there is a way to set the condition with iptables itself,
>> > without requiring the userspace to change the procfs file. This could
>> > probably be achieved with a "CONDITION" target or something similar.
>> > Any ideas?
>>
>> Sounds useful.
>
>Okay, this was the kind of confirmation I wanted before jumping into the
>implementation. ;) I'll implement this target soon.

My suggestion to have it combined with xt_condition.