Re: MARK and ! question

Sven Schuster wrote:


What about using a user-defined chain like this:


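# User-defined chain: leave without marking when the source is in either network
iptables -t mangle -N setmark
iptables -t mangle -A setmark -s 193.220.70.0/27 -d 193.220.70.32/27 \
        -j RETURN
iptables -t mangle -A setmark -s 193.108.240.0/22 -d 193.220.70.32/27 \
        -j RETURN
# Anything that reaches this rule came from neither network: mark it
iptables -t mangle -A setmark -j MARK --set-mark 107
# Send all POSTROUTING traffic through the chain
iptables -t mangle -A POSTROUTING -j setmark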

Hope this helps

Sven

Thanks for your reply. And can you describe how a packet traverses such a chain?

Thanks in advance,
Ruslan



Ruslan Spivak wrote:

Hello.

I need to mark with value 107 packets that are going NOT from the 193.220.70.0/27 network and NOT from the 193.108.240.0/22 network.
Is it possible?


The two lines below seem not to work properly because the second rule won't be reached.

iptables -t mangle -A POSTROUTING -s ! 193.220.70.0/27 -d 193.220.70.32/27 -j MARK --set-mark 107

iptables -t mangle -A POSTROUTING -s ! 193.108.240.0/22 -d 193.220.70.32/27 -j MARK --set-mark 107

Your help is very much appreciated.

Best regards,
Ruslan
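
A small model of how a packet walks a mangle chain, added here as an example and not part of the original messages: it compares two negated MARK rules placed directly in POSTROUTING with a user-defined chain that RETURNs for each excluded source network and marks whatever falls through. The rule representation, function names and sample packets are constructed for illustration; the model assumes MARK is a non-terminating target and RETURN leaves the chain.

```python
import ipaddress

NET_A = ipaddress.ip_network("193.220.70.0/27")
NET_B = ipaddress.ip_network("193.108.240.0/22")
DST = ipaddress.ip_network("193.220.70.32/27")

def rule(src, negate, dst, target):
    """One rule: -s [!] src -d dst -j target (None means 'match any')."""
    return {"src": src, "negate": negate, "dst": dst, "target": target}

def matches(r, pkt_src, pkt_dst):
    s, d = ipaddress.ip_address(pkt_src), ipaddress.ip_address(pkt_dst)
    src_ok = r["src"] is None or ((s in r["src"]) != r["negate"])
    dst_ok = r["dst"] is None or d in r["dst"]
    return src_ok and dst_ok

def traverse(chain, pkt_src, pkt_dst):
    """Walk the rules in order. MARK sets the mark and traversal continues;
    RETURN stops evaluation of this chain at once."""
    mark = 0
    for r in chain:
        if not matches(r, pkt_src, pkt_dst):
            continue
        if r["target"] == "RETURN":
            break
        mark = 107
    return mark

# Two negated MARK rules appended directly to POSTROUTING.
NEGATED = [rule(NET_A, True, DST, "MARK"), rule(NET_B, True, DST, "MARK")]
# User-defined chain: RETURN for each excluded source, mark what falls through.
SETMARK = [rule(NET_A, False, DST, "RETURN"),
           rule(NET_B, False, DST, "RETURN"),
           rule(None, False, None, "MARK")]

# Constructed sample packets (source, destination).
PACKETS = [("193.220.70.5", "193.220.70.40"),   # from the first network
           ("193.108.241.9", "193.220.70.40"),  # from the second network
           ("198.51.100.7", "193.220.70.40")]   # from neither network

if __name__ == "__main__":
    for src, dst in PACKETS:
        print(src, traverse(NEGATED, src, dst), traverse(SETMARK, src, dst))
```

In the negated form every packet matches at least one of the two rules, because no address belongs to both networks, so all three sample packets end up marked; the RETURN chain marks only the third.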







