Hello everyone,

I have the following setup:

Internet------------|eth0 Linux bridge eth1|--------------DMZ

I'm going to use HTB on the Linux bridge that filters a couple of connections in both directions. For this reason I've created a new match for iptables. The following line works very well:

    iptables -t mangle -I FORWARD -m mymatch --myoption -j MARK --set-mark 11

The only problem is that it just catches one single packet (the matching one), but I need to treat all related packets in the same way. How do I grab all the related packets and mark them too?

I don't know if it's easily possible, because I can't decide if I want to mark the connection until the first packet in PUSH-state containing data arrives. At this point the connection is already established. So I can't use iptables connection tracking, can I?

Thanks for your help!

Mike