> -----Original Message-----
> From: Jan Engelhardt [mailto:jengelh@xxxxxxxxxx]
> Sent: Friday, July 22, 2011 2:19 AM
> To: Jeff Haran
> Cc: netfilter-devel@xxxxxxxxxxxxxxx
> Subject: Re: cant specify -m mark and -m connmark in same rule
>
> On Friday 2011-07-22 01:46, Jeff Haran wrote:
>
> >Is this a bug?
> >
> > [root@cap-x2100m2-01 ~]# \
> >> iptables -A FORWARD -i eth2.11 -o eth1.111 -p tcp -m mark --mark
> >0x0/0xfff -m connmark --mark 0x0/0xfff -j NFQUEUE --queue-num 10
> >iptables v1.4.7: mark: "--mark" option may only be specified once
> >Try `iptables -h' or 'iptables --help' for more information.
> >[root@cap-x2100m2-01 ~]#
>
> Fixed since iptables 1.4.11.

Indeed it was:

[root@cap-x2100m2-01 iptables]# \
> ./xtables-multi iptables -A FORWARD -i eth2.11 -o eth1.111 -p tcp -m mark --mark 0x0/0xfff -m connmark --mark 0x0/0xfff -j NFQUEUE --queue-num 10
[root@cap-x2100m2-01 iptables]# ./xtables-multi iptables --version
iptables v1.4.11.1
[root@cap-x2100m2-01 iptables]# ./xtables-multi iptables -L -n -v
Chain INPUT (policy ACCEPT 179 packets, 21269 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 NFQUEUE    tcp  --  eth2.11 eth1.111  0.0.0.0/0            0.0.0.0/0           mark match 0x0/0xfff connmark match 0x0/0xfff NFQUEUE num 10

Chain OUTPUT (policy ACCEPT 55 packets, 6088 bytes)
 pkts bytes target     prot opt in     out     source               destination
[root@cap-x2100m2-01 iptables]#

Thanks a bunch!