Re: how to match connection tracker's flows?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Wed, 2004-11-03 at 20:17 +0200, Abraham van der Merwe wrote:
> Hi!
> 
> If I add
> 
> # rules to track ftp
> iptables -t mangle -A POSTROUTING -p tcp -j CONNMARK --restore-mark
> iptables -t mangle -A POSTROUTING -p tcp -m mark ! --mark 0 -j RETURN

If packet are marked they return so leave mangle, so if CONNMARK works
leave mangle.

> # a rule to see how much ftp traffic is matched
> iptables -t mangle -A POSTROUTING -m mark --mark 2

This line is never reached if CONNMARK works.

BR,
-- 
Eric Leblond <regit@xxxxxx>
[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux