1. Packet arrives at mangle/POSTROUTING
2. Packet jumps from POSTROUTING chain to setmark chain
3. When the packet's source is _not_ 193.220.70.0/27 the packet will return to mangle/POSTROUTING and continue traversal.
4. When the packet's source is _not_ 193.108.240.0/22 the packet will return to mangle/POSTROUTING and continue traversal.
5. So now we have packets neither coming from 193.220.70.0/24 nor from 193.108.240.0/22. And those packets are MARKED with the value 107.
Hope this is enough for you ;-)
Have a nice day
Sven
Ruslan Spivak wrote:
Sven Schuster wrote:
What about using a user-defined chain like this:
iptables -t mangle -N setmark
iptables -t mangle -A setmark -s ! 193.220.70.0/27 -d 193.220.70.32/27 \
-j RETURN
iptables -t mangle -A setmark -s ! 193.108.240.0/22 -d 193.220.70.32/27 \
-j RETURN
iptables -t mangle -A setmark -j MARK --set-mark 107
iptables -t mangle -A POSTROUTING -j setmark
Hope this helps
Sven
Thanks for your reply. And can you describe how a packet traverses such a chain? Thanks in advance, Ruslan
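A way to check the traversal offline, added here as an example and not part of the thread: a small Python model that walks constructed sample packets through the setmark rules exactly as posted. It assumes only the pieces those rules use (negated source match, destination match, RETURN, and MARK as a non-terminating target); the function names and sample addresses are made up for the illustration.

```python
from ipaddress import ip_address, ip_network

# Rules of the "setmark" chain as posted: (negated source net, destination net, target).
# None means "no match on this field".
SETMARK = [
    ("193.220.70.0/27", "193.220.70.32/27", "RETURN"),
    ("193.108.240.0/22", "193.220.70.32/27", "RETURN"),
    (None, None, "MARK"),
]
MARK_VALUE = 107

def rule_matches(rule, src, dst):
    not_src, dst_net, _ = rule
    if not_src is not None and ip_address(src) in ip_network(not_src):
        return False  # "-s ! net" only matches sources outside net
    if dst_net is not None and ip_address(dst) not in ip_network(dst_net):
        return False
    return True

def traverse(src, dst):
    """Return (mark, trace) for one packet walking mangle/POSTROUTING -> setmark."""
    mark, trace = 0, ["POSTROUTING: jump setmark"]
    for n, rule in enumerate(SETMARK, 1):
        if not rule_matches(rule, src, dst):
            trace.append(f"setmark rule {n}: no match")
            continue
        if rule[2] == "RETURN":
            trace.append(f"setmark rule {n}: RETURN")
            break
        mark = MARK_VALUE  # MARK does not end traversal
        trace.append(f"setmark rule {n}: MARK set to {MARK_VALUE}")
    trace.append("POSTROUTING: continue")
    return mark, trace

# Constructed sample packets (source, destination).
SAMPLES = [
    ("193.220.70.5", "193.220.70.40"),
    ("193.108.241.9", "193.220.70.40"),
    ("10.0.0.1", "193.220.70.40"),
    ("193.220.70.5", "198.51.100.7"),
    ("10.0.0.1", "198.51.100.7"),
]

if __name__ == "__main__":
    for src, dst in SAMPLES:
        mark, trace = traverse(src, dst)
        print(f"{src} -> {dst}: mark={mark}")
        for step in trace:
            print("   ", step)
```

For these constructed packets, the three addressed to 193.220.70.32/27 hit a RETURN rule and leave unmarked, and the two addressed elsewhere fall through to the MARK rule and leave with mark 107.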