hi
i have some numbers, which i cannot explain:
50M 30G CONNMARK all -- any any anywhere anywhere CONNMARK restore
451K 265M ACCEPT all -- any any anywhere anywhere MARK match 0x3
61830 43M ACCEPT all -- any any anywhere anywhere MARK match 0x2
110K 38M ACCEPT all -- any any anywhere anywhere MARK match 0x1
there is an obvious difference. 50M != 451K + 61830 + 110K.
in front of this rule, i have some rules without marking (accept traffic for special networks). after these MARK rules i have a lot of layer7 rules with marking. my last rule is MARK.
50M 30G CONNMARK all -- any any anywhere anywhere CONNMARK set 0x3
50M 30G CONNMARK all -- any any anywhere anywhere CONNMARK save
50M 30G ACCEPT all -- any any anywhere anywhere
(END)
IMHO, traffic for the special network will never reach these mark rules, so this should not influence the numbers. the rest is marked by 1, 2 or 3. unknown traffic should be marked with 3.
any ideas?
regards moritz
--
Uplink student association
Moritz Gartenmeister
Bülachstrasse 1 F
8057 Zürich
Switzerland