> I use following rule for marking irc dcc transfers from my NATed lan.
>
> iptables -t mangle -A PREROUTING -p tcp -m helper --helper irc \
>   -m mark --mark 0 -j MARK --set-mark 1
>
> And this works perfectly when I send a file to somebody, and doesn't
> when somebody sends something to me. Why?

I was under the impression that ip_conntrack_irc was written to handle outbound DCC transfers only...not inbound. There may be a patch floating around that makes it work inbound as well--try google / marc.theaimsgroup.com/?l=netfilter...

As an aside--what is that rule doing exactly, 'cause you've stumped me. To me, it says, "if a packet has a mark = 0, set the mark to 1" and you're doing this in the PREROUTING chain of the mangle table--where is the mark = 0 coming from (as I can tell, it could only be coming from a previous rule in mangle:PREROUTING)?

-j
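
An added example, not part of the original thread and not the kernel's code: a simplified Python model of an IRC connection-tracking helper that only inspects DCC offers sent by the LAN client, showing why a `-m helper --helper irc` rule would match the data connection when sending but not when receiving. The class and function names, the addresses and the "original direction only" behaviour are assumptions of this model.

```python
import ipaddress
import re

# CTCP DCC offer carried in a PRIVMSG:
#   \x01DCC SEND <file> <IPv4 as decimal uint32> <port> [size]\x01
DCC_RE = re.compile(rb"\x01DCC (?:SEND|CHAT) \S+ (\d+) (\d+)(?: \d+)?\x01")

def parse_dcc(line: bytes):
    """Return the (ip, port) advertised in a DCC offer, or None."""
    m = DCC_RE.search(line)
    if not m:
        return None
    ip_int, port = int(m.group(1)), int(m.group(2))
    if ip_int > 0xFFFFFFFF or not 0 < port < 65536:
        return None  # reject values that cannot be an IPv4 address / TCP port
    return str(ipaddress.IPv4Address(ip_int)), port

class IrcHelperModel:
    """Hypothetical model: tracks data connections expected from DCC offers."""
    def __init__(self):
        self.expected = set()

    def control_line(self, direction: str, line: bytes):
        # Assumption of this model: only lines travelling client -> server
        # ("original" direction) are inspected; server -> client is ignored.
        if direction != "original":
            return
        offer = parse_dcc(line)
        if offer:
            self.expected.add(offer)

    def helper_match(self, dst_ip: str, dst_port: int) -> bool:
        """Would a helper-based rule treat this new TCP connection as DCC?"""
        return (dst_ip, dst_port) in self.expected

def dcc_offer(ip: str, port: int) -> bytes:
    """Build a constructed sample DCC SEND line for the demo."""
    return b"PRIVMSG bob :\x01DCC SEND file.bin %d %d 1024\x01\r\n" % (
        int(ipaddress.IPv4Address(ip)), port)

def demo():
    lan, peer = "192.168.1.10", "203.0.113.5"  # constructed addresses
    h = IrcHelperModel()
    h.control_line("original", dcc_offer(lan, 5000))  # LAN user sends a file
    h.control_line("reply", dcc_offer(peer, 6000))    # peer sends a file to us
    return {"send": h.helper_match(lan, 5000),        # peer connects in to us
            "receive": h.helper_match(peer, 6000)}    # we connect out to peer

if __name__ == "__main__":
    print(demo())
```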