iptables -t mangle -A PREROUTING -p tcp -j CONNMARK --restore-mark
iptables -t mangle -A PREROUTING -p tcp -m mark ! --mark 0 -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -m ipp2p --ipp2p -j MARK \
    --set-mark 1
iptables -t mangle -A PREROUTING -p tcp -m mark ! --mark 0 -j CONNMARK \
    --save-mark

Hi, I'm using the above configuration to mark my ipp2p traffic, and it works fine.

iptables -t mangle -L -v
Chain PREROUTING (policy ACCEPT 641K packets, 450M bytes)
 pkts bytes target     prot opt in     out     source               destination
  549  141K CONNMARK   tcp  --  any    any     anywhere             anywhere            CONNMARK restore
   68  8351 ACCEPT     tcp  --  any    any     anywhere             anywhere            MARK match !0x0
   19  9409 MARK       tcp  --  any    any     anywhere             anywhere            ipp2p v0.5c --ipp2p MARK set 0x1
   19  9409 CONNMARK   tcp  --  any    any     anywhere             anywhere            MARK match !0x0 CONNMARK save

Up to here everything is OK. But I want to accept marked packets through the filter table by matching marked packets, and it doesn't work:

iptables -A FORWARD -p tcp -j ACCEPT -m mark --mark 1
iptables -A FORWARD -j DROP -s 192.168.9.0/24 -d 0/0
iptables -A FORWARD -j DROP -d 192.168.9.0/24 -s 0/0