On 29.10.2010 14:59, Jan Engelhardt wrote:
> On Friday 2010-10-29 07:26, Changli Gao wrote:
>>>>>
>>>>>> When using `-m mark --mark 2 -m connmark --mark 2`, the user currently
>>>>>> gets an error about the (libxt_mark) --mark option being used twice.
>>>>>> This is because libxt_connmark's option table does not override any
>>>>>> previous options. This patch changes this behavior, since the current
>>>>>> behavior does not allow connmark's option to be used at all, which is
>>>>>> illogical.
>>>>>
>>>>> As per fw's suggestion, I should nag you every 48 hours ;-)
>>>>>
>>>>> Really, this should be in the next tag.
>>>>
>>>> This stuff is pretty fragile and whenever we changed it, something broke
>>>> for users. Why not simply add new options (--connmark etc). That would
>>>> also be more consistent with the other extensions.

Something very non-intuitive is happening with this patch:

# iptables -A OUTPUT -p tcp --dport 10000
iptables v1.4.9: host/network `port' not found
Try `iptables -h' or 'iptables --help' for more information.

port is interpreted as parameter to '-d'.

I'm reverting this for now, please resend if you can come up with a way
to fix this.

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel"
in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
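The thread above turns on one design question: when two match extensions (libxt_mark and libxt_connmark) both register a long option called --mark, which one should receive the second `--mark 2`? The following is a constructed model added here for illustration; it is not iptables or xtables source code. It keeps a per-rule list of loaded extensions and resolves a long option either to the first extension that registered it (the behaviour Changli Gao's patch was replacing, where the second --mark hits libxt_mark again and is rejected as given twice) or to the most recently loaded one (what the patch aimed for). The catalogue of extensions, `parse_rule`, `module_value`, the treatment of `-p tcp` as loading a "tcp" module and the error texts are all assumptions of this model, not xtables behaviour; it also shows why distinct option names, as Patrick suggests with --connmark, avoid the question altogether.

```c
/* Constructed model (not iptables/xtables source) of routing a long option
 * such as --mark to one of several loaded match extensions. Module and
 * option names come from the mailing-list discussion; the two lookup
 * policies and all function names are assumptions of this example. */
#include <stdio.h>
#include <string.h>

#define MAX_LOADED 8
#define MAX_OPTS   4

/* An extension as the front end sees it: the long options it registers. */
struct modspec {
    const char *name;
    const char *options[MAX_OPTS];   /* NULL-terminated */
};

/* Catalogue of extensions; "tcp" here also stands in for "-p tcp". */
static const struct modspec catalog[] = {
    { "mark",     { "mark", NULL } },
    { "connmark", { "mark", NULL } },          /* same option name as mark */
    { "tcp",      { "dport", "sport", NULL } },
};

/* A loaded extension plus the value assigned to each of its options. */
struct module {
    const struct modspec *spec;
    const char *values[MAX_OPTS];    /* NULL until the option is given */
};

struct parser {
    struct module loaded[MAX_LOADED];
    int nloaded;
    char err[128];
};

static int load_module(struct parser *p, const char *name)
{
    for (size_t i = 0; i < sizeof catalog / sizeof catalog[0]; i++) {
        if (strcmp(catalog[i].name, name) != 0)
            continue;
        if (p->nloaded == MAX_LOADED)
            return -1;
        p->loaded[p->nloaded++].spec = &catalog[i];   /* values already NULL */
        return 0;
    }
    snprintf(p->err, sizeof p->err, "Couldn't load match `%s'", name);
    return -1;
}

/* Index of opt in the extension's option table, or -1. */
static int option_index(const struct modspec *spec, const char *opt)
{
    for (int i = 0; spec->options[i]; i++)
        if (strcmp(spec->options[i], opt) == 0)
            return i;
    return -1;
}

/* override == 0: the first loaded extension that registered the option owns
 * it, so a second --mark lands on libxt_mark again and is rejected.
 * override == 1: the most recently loaded extension owning the option wins. */
static struct module *resolve(struct parser *p, const char *opt, int override, int *idx)
{
    struct module *found = NULL;
    for (int i = 0; i < p->nloaded; i++) {
        int k = option_index(p->loaded[i].spec, opt);
        if (k < 0)
            continue;
        found = &p->loaded[i];
        *idx = k;
        if (!override)
            break;
    }
    return found;
}

/* Parses "-m NAME" / "-p NAME" and "--opt VALUE" tokens.
 * Returns the number of loaded extensions, or -1 with p->err set. */
int parse_rule(struct parser *p, int argc, const char *const argv[], int override)
{
    memset(p, 0, sizeof *p);
    for (int i = 0; i < argc; i++) {
        const char *a = argv[i];
        if ((strcmp(a, "-m") == 0 || strcmp(a, "-p") == 0) && i + 1 < argc) {
            if (load_module(p, argv[++i]) < 0)
                return -1;
        } else if (strncmp(a, "--", 2) == 0 && i + 1 < argc) {
            int idx = -1;
            struct module *m = resolve(p, a + 2, override, &idx);
            if (!m) {
                snprintf(p->err, sizeof p->err, "unknown option `%s'", a);
                return -1;
            }
            if (m->values[idx]) {       /* same extension, same option, twice */
                snprintf(p->err, sizeof p->err, "%s: option `%s' may only be specified once",
                         m->spec->name, a);
                return -1;
            }
            m->values[idx] = argv[++i];
        } else {
            snprintf(p->err, sizeof p->err, "unexpected argument `%s'", a);
            return -1;
        }
    }
    return p->nloaded;
}

/* Value assigned to option opt of loaded extension name, or NULL. */
const char *module_value(const struct parser *p, const char *name, const char *opt)
{
    for (int i = 0; i < p->nloaded; i++) {
        if (strcmp(p->loaded[i].spec->name, name) != 0)
            continue;
        int k = option_index(p->loaded[i].spec, opt);
        return k >= 0 ? p->loaded[i].values[k] : NULL;
    }
    return NULL;
}

int main(void)
{
    /* Constructed command line from the thread, without the -A OUTPUT part. */
    const char *const rule[] = { "-m", "mark", "--mark", "2", "-m", "connmark", "--mark", "2" };
    struct parser p;
    for (int override = 0; override < 2; override++) {
        if (parse_rule(&p, 8, rule, override) < 0)
            printf("override=%d: %s\n", override, p.err);
        else
            printf("override=%d: mark=%s connmark=%s\n", override,
                   module_value(&p, "mark", "mark"), module_value(&p, "connmark", "mark"));
    }
    return 0;
}
```

With override off the rule fails on the second --mark; with it on, both extensions receive their value. Note that the override policy makes the meaning of an option depend on the order of preceding -m arguments, which is the kind of fragility the reply warns about and which unique option names per extension remove.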