On Mon, 2004-05-31 at 10:16, Cedric Blancher wrote:
> I think your ruleset does not work because a packet without a mark will
> match your non-zero mark rule. I mean that no mark is different than 0,
> so all packets will match the first "-m mark ! --mark 0" rule.

Really? No mark and mark 0 are different? How do you distinguish an
unmarked packet in a ruleset?

I ask because this relates to an as yet unanswered question of mine,
with Subject "CONNMARK restore-mark creates conntrack entry?"

Ciao,
Sheldon.