Hi Ruslan, > Can you help me to construct logic: (from src1 OR from src2) AND > dst=some_dst_addr THEN mark packet with 108 > Possible form: (from src1 OR from src2 OR from src3 OR ... and so on) > AND dst=some_dst_addr THEN mark packet with 108 That's easy: iptables - iptables -t mangle -N setmark iptables -t mangle -A setmark -j MARK --set-mark 107 iptables -t mangle -A POSTROUTING -s src1 -d dst1 -j setmark iptables -t mangle -A POSTROUTING -s src2 -d dst1 -j setmark iptables -t mangle -A POSTROUTING -s src3 -d dst1 -j setmark > Can you give me an example with above networks? - i mean packets with > (src=193.220.70.0/27 or with src=193.108.240.0/22) and > dst=193.220.70.32/27 will be marked with 108. Just substitute whatever addresses you want into the above. Cheers, Chris. -- ___ __ _ / __// / ,__(_)_ | Chris Wilson -- UNIX Firewall Lead Developer | / (_ / ,\/ _/ /_ \ | NetServers.co.uk http://www.netservers.co.uk | \ _//_/_/_//_/___/ | 21 Signet Court, Cambridge, UK. 01223 576516 |
