> What I want to do is MARK a packet's stream. I want to be able to match
> ESTABLISHED packets to determine if they belong to a MARKed stream.

How about:
Well, just mark the packets and then match the marked ones that belong to ESTABLISHED, like so:

example:
    iptables -A PREROUTING -t mangle -p tcp --dport 80 -j MARK --set-mark 3
    iptables -A FORWARD -m state --state ESTABLISHED -m mark --mark 3 -j LOG

Regards,
Maciej Soltysiak
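
Added example (not part of the original message): a small Python model of how the two rules above evaluate over one constructed HTTP flow. Going beyond the post, it also models a variant that stores the mark on the conntrack entry with CONNMARK --save-mark / --restore-mark. The addresses, the Packet class and the simplified state tracking (ESTABLISHED once a reply has been seen) are assumptions of the example.

```python
from dataclasses import dataclass

MARK = 3  # mark value from the post's rules

@dataclass
class Packet:          # hypothetical model of one forwarded TCP packet
    label: str
    src: tuple         # (ip, port)
    dst: tuple
    mark: int = 0      # per-packet nfmark; every packet arrives with 0

def sample_flow():
    """Constructed flow: client 10.0.0.5:40000 -> server 192.0.2.10:80."""
    c, s = ("10.0.0.5", 40000), ("192.0.2.10", 80)
    return [Packet("SYN", c, s), Packet("SYN-ACK", s, c), Packet("ACK", c, s),
            Packet("GET", c, s), Packet("200 OK", s, c)]

def logged_packets(packets, use_connmark=False):
    """Return labels of packets that would hit the LOG rule in FORWARD."""
    conntrack, hits = {}, []
    for p in packets:
        # conntrack sees the packet before mangle PREROUTING does
        entry = conntrack.setdefault(frozenset((p.src, p.dst)),
                                     {"orig": p.src, "replied": False, "ctmark": 0})
        if p.src != entry["orig"]:
            entry["replied"] = True
        # simplification: ESTABLISHED once traffic was seen in both directions
        state = "ESTABLISHED" if entry["replied"] else "NEW"
        if use_connmark:                 # -j CONNMARK --restore-mark
            p.mark = entry["ctmark"]
        if p.dst[1] == 80:               # -p tcp --dport 80 -j MARK --set-mark 3
            p.mark = MARK
            if use_connmark:             # -j CONNMARK --save-mark
                entry["ctmark"] = p.mark
        # FORWARD: -m state --state ESTABLISHED -m mark --mark 3 -j LOG
        if state == "ESTABLISHED" and p.mark == MARK:
            hits.append(p.label)
    return hits

if __name__ == "__main__":
    print("MARK only:", logged_packets(sample_flow()))
    print("with CONNMARK:", logged_packets(sample_flow(), use_connmark=True))
```

In this model the MARK-only rules log the client-to-server packets that follow the first reply, because the mark lives on each packet and the rule matches --dport 80; the CONNMARK variant also covers the replies.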