Hi Ruslan,

> Sorry for the disturbance, but one more question: it looks like all other
> packets not from 193.220.70.0/27 and not from 193.108.240.0/22 will be
> marked, but I need to mark packets that have destination 193.220.70.32/27
> and not from the above mentioned networks. What else should I add or modify?

Sorry, it looks like the ruleset is still wrong. Try this one:

iptables -t mangle -N setmark
iptables -t mangle -A setmark -s 193.220.70.0/27 -j RETURN
iptables -t mangle -A setmark -s 193.108.240.0/22 -j RETURN
iptables -t mangle -A setmark -d ! 193.220.70.32/27 -j RETURN
iptables -t mangle -A setmark -j MARK --set-mark 107
iptables -t mangle -A POSTROUTING -j setmark

Cheers, Chris.
-- 
 ___ __ _
 / __// / ,__(_)_ | Chris Wilson -- UNIX Firewall Lead Developer |
 / (_ / ,\/ _/ /_ \ | NetServers.co.uk http://www.netservers.co.uk |
 \ _//_/_/_//_/___/ | 21 Signet Court, Cambridge, UK. 01223 576516 |
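An added example, not part of the original message: a small Python model of how a packet walks the setmark chain above, useful for checking the rule order before loading it. The sample packets are constructed, and the names `SETMARK`, `traverse` and `SAMPLES` are hypothetical.

```python
from ipaddress import ip_address, ip_network

# Model of the setmark chain from the message: (field, network, negated, target).
# A field of None means the rule matches every packet.
SETMARK = [
    ("src", ip_network("193.220.70.0/27"), False, "RETURN"),
    ("src", ip_network("193.108.240.0/22"), False, "RETURN"),
    ("dst", ip_network("193.220.70.32/27"), True, "RETURN"),  # -d ! net
    (None, None, False, "MARK"),
]
MARK_VALUE = 107


def traverse(src, dst, chain=SETMARK):
    """Return the fwmark a packet leaves the chain with (0 = unmarked)."""
    pkt = {"src": ip_address(src), "dst": ip_address(dst)}
    mark = 0
    for field, net, negated, target in chain:
        matched = True if field is None else ((pkt[field] in net) != negated)
        if not matched:
            continue
        if target == "RETURN":  # terminating: stop walking this chain
            return mark
        if target == "MARK":    # MARK is non-terminating: keep walking
            mark = MARK_VALUE
    return mark


# Constructed sample packets, chosen only to exercise each rule.
SAMPLES = [
    ("193.220.70.5", "193.220.70.40"),   # source in the excluded /27
    ("193.108.241.9", "193.220.70.40"),  # source in the excluded /22
    ("10.0.0.1", "193.220.70.70"),       # destination outside .32/27
    ("10.0.0.1", "193.220.70.40"),       # the case that gets marked
    ("193.220.70.33", "193.220.70.63"),  # a .32/27 source is not excluded
]

if __name__ == "__main__":
    for src, dst in SAMPLES:
        print(f"{src:>15} -> {dst:<15} mark={traverse(src, dst)}")
```
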