On Wed, 2004-11-03 at 20:17 +0200, Abraham van der Merwe wrote:
> Hi!
>
> If I add
>
> # rules to track ftp
> iptables -t mangle -A POSTROUTING -p tcp -j CONNMARK --restore-mark
> iptables -t mangle -A POSTROUTING -p tcp -m mark ! --mark 0 -j RETURN

If packets are marked they return and so leave mangle, so if CONNMARK works they leave mangle.

> # a rule to see how much ftp traffic is matched
> iptables -t mangle -A POSTROUTING -m mark --mark 2

This line is never reached if CONNMARK works.

BR,
--
Eric Leblond <eric@xxxxxxxxx>
NuFW, Now User Filtering Works : http://www.nufw.org
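The rule ordering discussed in this message, as an added example that is not part of the original thread: a simplified Python model of mangle/POSTROUTING traversal showing why the `--mark 2` counting rule stays at zero behind the `RETURN` rule. The function names, the sample connection marks and the reordered variant are assumptions made for illustration, and every packet is assumed to be TCP.

```python
# Simplified model of iptables chain traversal (illustration only, not netfilter code).
# Each rule is (match_on_packet_mark, target); target None means "count only".

def traverse(rules, conn_mark):
    """Walk one packet through the chain and return the per-rule hit counts."""
    pkt_mark = 0                      # a new packet starts with mark 0
    hits = [0] * len(rules)
    for i, (match, target) in enumerate(rules):
        if not match(pkt_mark):
            continue
        hits[i] += 1                  # a matching rule increments its counter
        if target == "CONNMARK --restore-mark":
            pkt_mark = conn_mark      # copy the connection mark to the packet, continue
        elif target == "RETURN":
            break                     # leave the chain: later rules are not evaluated
    return hits

def any_pkt(mark):
    return True

def nonzero(mark):                    # -m mark ! --mark 0
    return mark != 0

def mark_2(mark):                     # -m mark --mark 2
    return mark == 2

# Rule order as quoted in the message above.
ORIGINAL = [(any_pkt, "CONNMARK --restore-mark"), (nonzero, "RETURN"), (mark_2, None)]
# Assumed alternative: place the counting rule before the RETURN rule.
REORDERED = [ORIGINAL[0], ORIGINAL[2], ORIGINAL[1]]

def counter_hits(rules, conn_marks):
    """Total hits of the '--mark 2' counting rule, one packet per connection mark."""
    idx = next(i for i, (match, _) in enumerate(rules) if match is mark_2)
    return sum(traverse(rules, cm)[idx] for cm in conn_marks)

if __name__ == "__main__":
    sample = [2, 2, 0, 5]             # constructed connection marks, not real traffic
    print("original order :", counter_hits(ORIGINAL, sample))
    print("reordered      :", counter_hits(REORDERED, sample))
```

On a live system the same effect shows up in the packet counters printed by `iptables -t mangle -L POSTROUTING -v -n`.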