> > There was talk before about using CONNTRACK and marking packets on the list
> > before.. I think this is the solution but I didn't see a successful
> > response..
>
> You can MARK packets on their way through netfilter, and do various
> interesting and possibly useful things to the packet on the basis of the mark
> which was assigned, however I do not think there is any way of identifying
> the packets which come in later as replies to these, and thereby doing
> anything based on the mark which was assigned to the first packet on its way
> through.

Something I'm working on (or at least thinking really hard about) is a
user-space Perl script that will (somehow) record sequence and acknowledgment
numbers for outgoing packets, then possibly act on the returning packets
depending on the ack and seq numbers found.

Am I way off, or would this help/apply here?

Marco
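The seq/ack bookkeeping Marco describes, written out as an added Python illustration (not code from this thread, and not the Perl script he mentions). It records, for each outgoing TCP segment, the acknowledgment number a reply would have to carry (seq plus bytes sent, plus one for SYN or FIN) together with the mark assigned to that segment, then classifies inbound packets by the reversed 4-tuple and a cumulative-ack comparison done modulo 2^32. The packet bytes, addresses and marks are constructed for the demo; in the kernel, the conntrack mark (iptables CONNMARK) is what ties a mark to the whole connection instead of a single packet.

```python
"""Track outgoing TCP sequence numbers and recognise the replies that
acknowledge them.  Added example; all packets below are constructed."""
import struct
from collections import namedtuple

FIN, SYN, ACK = 0x01, 0x02, 0x10

Segment = namedtuple("Segment", "src dst sport dport seq ack flags payload_len")


def build_packet(src, dst, sport, dport, seq, ack, flags, payload=b""):
    """Construct a minimal IPv4/TCP packet (checksums left zero; sample data only)."""
    total_len = 40 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0, src, dst)
    tcp = struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flags, 65535, 0, 0)
    return ip + tcp + payload


def parse_packet(pkt):
    """Pull the fields a seq/ack tracker needs out of raw IPv4/TCP bytes; None if not TCP."""
    if len(pkt) < 40 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    src, dst = pkt[12:16], pkt[16:20]
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", pkt[ihl:ihl + 14])
    doff = (off_flags >> 12) * 4
    return Segment(src, dst, sport, dport, seq, ack, off_flags & 0x1FF,
                   total_len - ihl - doff)


def acked(expected, ack):
    """True if cumulative ack number `ack` covers `expected`, modulo 2**32."""
    return ((ack - expected) & 0xFFFFFFFF) < 0x80000000


class SeqTracker:
    """Remembers, per flow, which ack numbers a reply would have to carry."""

    def __init__(self):
        self.outstanding = {}   # (src, sport, dst, dport) -> [(expected_ack, mark), ...]

    def record_outgoing(self, seg, mark):
        # SYN and FIN each consume one sequence number; the peer's ack must reach seq + len (+1).
        consumed = seg.payload_len + (1 if seg.flags & (SYN | FIN) else 0)
        expected = (seg.seq + consumed) & 0xFFFFFFFF
        key = (seg.src, seg.sport, seg.dst, seg.dport)
        self.outstanding.setdefault(key, []).append((expected, mark))

    def classify_incoming(self, seg):
        """Return the mark of the outgoing segment this packet acknowledges, or None."""
        if not seg.flags & ACK:
            return None
        key = (seg.dst, seg.dport, seg.src, seg.sport)   # reversed 4-tuple
        entries = self.outstanding.get(key, [])
        hit = [e for e in entries if acked(e[0], seg.ack)]
        if not hit:
            return None
        # A cumulative ack covers every earlier entry too; drop them and report the
        # most recently sent one it reaches (entries are kept in send order).
        self.outstanding[key] = [e for e in entries if e not in hit]
        return hit[-1][1]


def demo():
    """Constructed three-packet exchange; returns the mark found for each inbound packet."""
    ours, peer = bytes([10, 0, 0, 2]), bytes([192, 0, 2, 10])
    t = SeqTracker()
    results = []
    # Our SYN, marked 1; the peer's SYN/ACK must carry ack 1001.
    t.record_outgoing(parse_packet(build_packet(ours, peer, 40000, 80, 1000, 0, SYN)), 1)
    results.append(t.classify_incoming(
        parse_packet(build_packet(peer, ours, 80, 40000, 5000, 1001, SYN | ACK))))
    # Our 5 bytes of data at seq 1001, marked 2; the reply must ack 1006.
    t.record_outgoing(parse_packet(
        build_packet(ours, peer, 40000, 80, 1001, 5001, ACK, b"GET /")), 2)
    results.append(t.classify_incoming(
        parse_packet(build_packet(peer, ours, 80, 40000, 5001, 1006, ACK))))
    # An unrelated inbound packet from another port matches nothing.
    results.append(t.classify_incoming(
        parse_packet(build_packet(peer, ours, 443, 40000, 9000, 1006, ACK))))
    return results


if __name__ == "__main__":
    print(demo())
```

The check is deliberately cumulative rather than an exact match: TCP acknowledges bytes, not segments, so one reply may cover several outgoing segments, and a tracker that only looked for `ack == seq + len` would miss it.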