--mark match/subsetting question


 




I've got a whole bunch of redirect rules in the PREROUTING table, but for some
connections (say from one IP, for example) I want none of these redirects to take effect.
I need to toggle this effect on and off easily. Inserting/removing one rule is ideal, but
I can't insert and remove all rules.
(Connections that exist when it's toggled are unimportant.)


The first way I thought to do this is with every REDIRECT rule using a --source ! <ipfoo>,
but then I have to delete all rules and reinsert (without the --source) to toggle.


Then I figured I'd put a mark rule out front to mark connections I don't want redirected, and
every redirect rule would have a --mark ! 0x01, but the not operator doesn't seem to work with mark.
(Is there a default mark? If so, that would work.)


It seems this is a fairly simple thing to do, and I'm positive I can do it given the current tools,
but I can't see how.
Any ideas?


Thanks!
