Hi Vinod,
I could be wrong, but if you want to mark a connection, use CONNMARK; if you want to mark a packet, use MARK.
Perhaps there is a better way, but I don't know of one at this point.
-dave
On Fri, 4 Feb 2005, Vinod Chandran wrote:
Hi,
I am using the CONNMARK patch.
Inside conntrack_core, in case of special conditions, I have modified the mark value in the conntrack.
I then added the following rules in FORWARD chain.
iptables -t mangle -A FORWARD -m connmark --mark 1 -j DROP
where the CONNMARK is set in case of the illegal packet.
However, this CONNMARK value takes effect only for the next packet and not for the same packet.
Is there some way by which I can make the settings applicable to the same packet itself?
Thanks and Regards, Vinod C