> > My goal is to set up an iptables rule that will match and DNAT the
> > first HTTP (port 80) connection from a client (IP address).
> >
> > The first connection is defined as the first established TCP session
> > from the time the iptables rule is inserted. No other TCP connection
> > should match nor should be DNAT-ed.
> >
> > Is there any easy way to do this with current Netfilter/Iptables/pom?
>
> I can't think of a way to do this with netfilter on its own.

Well, I've come to this solution, but I wonder how reliable it is:

# REDIRECT lives in the nat table; PREROUTING is the chain that sees
# incoming connections, so the rule needs a chain to be appended to.
iptables -t nat -A PREROUTING -p tcp --dport 80 -s 171.68.1.1 \
    -m quota --quota 40 -j REDIRECT --to-ports 9999

This seems to match only the first connection.

Any other ideas?

--
Damjan Georgievski
jabberID: damjan@xxxxxxxxxxxx
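The quota trick above relies on two things: the nat table is only consulted for the first packet of a connection (later packets inherit the conntrack NAT binding), and the quota match only matches while the remaining byte budget can still hold the packet it is looking at. The model below is an added illustration, not code from the mail or from netfilter: it treats each packet as the SYN of a new connection from the same client and replays the budget decision against a few constructed SYN sizes, to show when `--quota 40` redirects exactly one connection and when it redirects none or two. The counting rule (match and subtract while the remaining quota is at least the packet length; a packet that does not fit zeroes the quota so nothing matches afterwards) is stated here as an assumption about the match's behaviour, and the packet lengths are constructed sample values, not captured traffic.

```python
"""Model of '-m quota --quota <bytes>' applied to the first-connection trick.

Added example, not code from the original mail or from netfilter.
Assumption about the match: a packet matches only while the remaining
quota is >= the packet length, and each match is subtracted from the
quota; the first packet that does not fit zeroes the quota, so no later
packet matches.  Packet sizes are constructed samples.
"""

from dataclasses import dataclass


@dataclass
class QuotaMatch:
    """Stateful counterpart of one '-m quota --quota <bytes>' rule (assumed semantics)."""

    remaining: int

    def matches(self, pkt_len: int) -> bool:
        if self.remaining >= pkt_len:
            self.remaining -= pkt_len
            return True
        # Assumption: a packet that does not fit exhausts the quota for good.
        self.remaining = 0
        return False


def redirected_connections(quota_bytes: int, syn_lens: list[int]) -> list[int]:
    """Return the indices of the connections the REDIRECT rule would act on.

    Only the first packet of a connection (the SYN) traverses the nat table,
    so every entry in syn_lens stands for one new connection from the same
    client, and each matching index is a connection that gets redirected.
    """
    quota = QuotaMatch(quota_bytes)
    return [i for i, n in enumerate(syn_lens) if quota.matches(n)]


# Constructed sample: minimal SYNs, 20-byte IP header + 20-byte TCP header, no options.
MINIMAL_SYNS = [40, 40, 40]
# Constructed sample: SYNs carrying the usual TCP options (MSS, SACK-permitted,
# timestamps, window scale), which pad the TCP header out to 40 bytes.
OPTION_SYNS = [60, 60, 60]


def first_only_with_minimal_syns() -> list[int]:
    """--quota 40 against option-less SYNs: exactly the first connection."""
    return redirected_connections(40, MINIMAL_SYNS)


def nothing_with_option_syns() -> list[int]:
    """--quota 40 against 60-byte SYNs: the first SYN does not fit, so nothing is redirected."""
    return redirected_connections(40, OPTION_SYNS)


def first_only_with_matching_quota() -> list[int]:
    """A quota equal to one SYN's size admits exactly one connection of that size."""
    return redirected_connections(60, OPTION_SYNS)


def two_with_generous_quota() -> list[int]:
    """A quota of at least twice the SYN size lets a second connection through."""
    return redirected_connections(100, MINIMAL_SYNS)


if __name__ == "__main__":
    print("quota 40, minimal SYNs :", first_only_with_minimal_syns())
    print("quota 40, option SYNs  :", nothing_with_option_syns())
    print("quota 60, option SYNs  :", first_only_with_matching_quota())
    print("quota 100, minimal SYNs:", two_with_generous_quota())
```

Under this model the rule is only "first connection only" when the quota is at least the size of one SYN and smaller than two of them, which is why the exact size of the client's SYN (options included) decides whether `--quota 40` redirects one connection or none.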