On Thu, 16 Sep 2004 at 10:51, Arrizabalaga, Saioa wrote:
> I am analysing the script written in the ADSL-Bandwidth-Management-HOWTO
> I found on www.tldp.org.
>
> It marks all the packets depending on the ports they use, for example:
>
> iptables -t mangle -A MYSHAPER-OUT -p tcp --dport 0:1024 \
>     -j MARK --set-mark 23 # Default for low port traffic
> iptables -t mangle -A MYSHAPER-OUT -p tcp --dport 20 \
>     -j MARK --set-mark 26 # ftp-data port, low prio
>
> But as far as I can see, the packet that matches the second rule
> matches the first rule as well, so I guess that when this packet is
> marked by the first rule (--set-mark 23), it follows the chain, sees that
> it also matches the second rule and is then marked again with the new
> value (--set-mark 26).
>
> I would like someone to confirm this. If all this is true, the most
> specific rules should be placed at the end, am I right?
>
> Regards,
>
> Saioa Arrizabalaga

Yes, you are right, the last mark is the one that remains when the last rule is applied, so you must order your mark rules from the more general to the more specific ones.

-- 
Jose Maria Lopez Hernandez
Technical Director of bgSEC
jkerouac@xxxxxxxxx
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
ESPAÑA

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
-- Jack Kerouac, "On the Road"
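The behaviour confirmed in the reply follows from MARK being a non-terminating target: the chain keeps being traversed after a match, so every matching rule overwrites the mark and the last match wins. The following model, an added example that is not code from the HOWTO or from either participant in the thread, parses the two MYSHAPER-OUT rules quoted above, walks them the way the kernel would for sample packets, and flags the ordering mistake (a broader rule placed after a narrower one, so the narrower mark can never survive). The function names `parse_rule`, `walk_chain` and `shadowed_rules` are my own, and the parser supports only the `-p PROTO --dport A[:B] -j MARK --set-mark N` subset used in those rules.

```python
"""Model of how non-terminating MARK rules in an iptables mangle chain combine.
Added example; not code from the ADSL Bandwidth Management HOWTO or the thread."""
import shlex
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class MarkRule:
    proto: str
    dport: Tuple[int, int]      # inclusive range, as iptables --dport A:B
    mark: int
    comment: str = ""

    def matches(self, proto: str, dport: int) -> bool:
        return proto == self.proto and self.dport[0] <= dport <= self.dport[1]

    def covers(self, other: "MarkRule") -> bool:
        """True if every packet matching `other` also matches this rule."""
        return (self.proto == other.proto
                and self.dport[0] <= other.dport[0]
                and other.dport[1] <= self.dport[1])


def parse_rule(line: str) -> MarkRule:
    """Parse one `iptables ... -p PROTO --dport A[:B] -j MARK --set-mark N # comment`
    line. Only that subset is supported (assumption of this example)."""
    cmd, _, comment = line.partition("#")
    argv = shlex.split(cmd)

    def opt(name: str) -> str:
        return argv[argv.index(name) + 1]

    lo, _, hi = opt("--dport").partition(":")
    return MarkRule(opt("-p"), (int(lo), int(hi or lo)),
                    int(opt("--set-mark")), comment.strip())


def walk_chain(chain: List[MarkRule], proto: str, dport: int, mark: int = 0):
    """Traverse the chain as the kernel does for MARK: the target does not
    stop traversal, so each matching rule overwrites the mark. Returns the
    final mark and the sequence of marks that were set along the way."""
    trace = []
    for rule in chain:
        if rule.matches(proto, dport):
            mark = rule.mark
            trace.append(mark)
    return mark, trace


def shadowed_rules(chain: List[MarkRule]) -> List[Tuple[int, int]]:
    """Return (earlier, later) index pairs where a later, broader rule covers an
    earlier rule and sets a different mark: the earlier mark never survives.
    This is exactly the specific-before-general ordering the thread warns about."""
    found = []
    for i, narrow in enumerate(chain):
        for j in range(i + 1, len(chain)):
            broad = chain[j]
            if broad.covers(narrow) and broad.mark != narrow.mark:
                found.append((i, j))
    return found


# The two rules quoted in the thread, each written on a single line.
HOWTO_RULES = [
    "iptables -t mangle -A MYSHAPER-OUT -p tcp --dport 0:1024 -j MARK --set-mark 23 # Default for low port traffic",
    "iptables -t mangle -A MYSHAPER-OUT -p tcp --dport 20 -j MARK --set-mark 26 # ftp-data port, low prio",
]
CHAIN = [parse_rule(r) for r in HOWTO_RULES]

if __name__ == "__main__":
    for dport in (20, 80, 8080):
        final, trace = walk_chain(CHAIN, "tcp", dport)
        print(f"tcp/{dport}: marks set in order {trace} -> final mark {final}")
    print("shadowed rules, HOWTO order   :", shadowed_rules(CHAIN))
    print("shadowed rules, reversed order:", shadowed_rules(CHAIN[::-1]))
```

With the HOWTO's order a port-20 packet is marked 23 and then 26, so the ftp-data mark survives; reverse the two rules and the same packet ends with mark 23, which `shadowed_rules` reports as pair `(0, 1)`. On a live box the equivalent check is to read the chain in traversal order with `iptables -t mangle -L MYSHAPER-OUT -n --line-numbers` and confirm that no broader rule sits below a narrower one.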