On Fri, Feb 18, 2005 at 11:56:29AM +0100, Omar Garcia wrote:
> And this?
> iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark
> iptables -t mangle -A OUTPUT -m connmark ! --mark 0 -j ACCEPT
> iptables -t mangle -A OUTPUT -j MARK --set-mark 9
> iptables -t mangle -A OUTPUT -j CONNMARK --save-mark

That doesn't work because, as I posted, neither --save-mark nor
--restore-mark appear to work. The --save-mark does not set and save the
mark value in any line in /proc/net/ip_conntrack. The --restore-mark does
not take the mark value from a line in ip_conntrack and restore it into
any packet. See my original posting for examples of this.

I think my kernel must be broken, unless I'm misunderstanding how these
things are supposed to work.

-- 
-IAN! Ian! D. Allen  Ottawa, Ontario, Canada
EMail: idallen@xxxxxxxxxx  WWW: http://www.idallen.com/
College professor (Linux) via: http://teaching.idallen.com/
Support free and open public digital rights: http://eff.org/
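The following is an added example, not code from either poster in this thread. It models what the four quoted mangle OUTPUT rules are supposed to do when CONNMARK works: the first packet of a flow finds no conntrack mark, gets MARK 9 and saves it; every later packet restores 9 from conntrack and is accepted before the MARK rule. It also includes the check Ian describes, reading the `mark=` field out of `/proc/net/ip_conntrack` lines. The Flow/Packet/Conntrack classes and the sample conntrack lines are constructed for illustration, and the `ip_conntrack` line layout is an approximation of the 2.6-era format (a trailing `mark=N` field), which you should confirm against your own kernel's output.

```python
"""Model of the quoted CONNMARK save/restore rules plus an ip_conntrack checker.

Added example, not from the mailing-list thread. Assumes a 2.6-era
/proc/net/ip_conntrack line format that ends with 'mark=N' (approximated).
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


@dataclass
class Packet:
    flow: Flow
    mark: int = 0          # nfmark carried by the packet


class Conntrack:
    """Stand-in for the conntrack table: one ctmark per flow (hypothetical)."""
    def __init__(self):
        self.ctmark = {}

    def get(self, flow):
        return self.ctmark.get(flow, 0)


def mangle_output(pkt, ct):
    """Run the four quoted rules in order; return the list of rules hit."""
    trace = []
    # iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark
    pkt.mark = ct.get(pkt.flow)
    trace.append("restore-mark")
    # iptables -t mangle -A OUTPUT -m connmark ! --mark 0 -j ACCEPT
    # (connmark match tests the connection's mark, not the packet's)
    if ct.get(pkt.flow) != 0:
        trace.append("ACCEPT")
        return trace
    # iptables -t mangle -A OUTPUT -j MARK --set-mark 9
    pkt.mark = 9
    trace.append("set-mark 9")
    # iptables -t mangle -A OUTPUT -j CONNMARK --save-mark
    ct.ctmark[pkt.flow] = pkt.mark
    trace.append("save-mark")
    return trace


def run_flow(n_packets):
    """Send n packets of one constructed flow through the chain."""
    ct = Conntrack()
    flow = Flow("tcp", "192.0.2.10", 40000, "192.0.2.20", 22)   # constructed
    traces, marks = [], []
    for _ in range(n_packets):
        pkt = Packet(flow)
        traces.append(mangle_output(pkt, ct))
        marks.append(pkt.mark)
    return traces, marks, ct.get(flow)


# --- the check from the post: does ip_conntrack show a saved mark? ---
_FIELD = re.compile(r"(\w+)=(\S+)")


def parse_ip_conntrack(text):
    """Map (proto, src, sport, dst, dport) -> mark; 0 if the line has no mark= field."""
    result = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        fields = {}
        for key, val in _FIELD.findall(line):
            fields.setdefault(key, val)   # keep the original-direction tuple
        flow = (parts[0], fields["src"], int(fields["sport"]),
                fields["dst"], int(fields["dport"]))
        result[flow] = int(fields.get("mark", 0))
    return result


def flows_with_mark(text, mark):
    """Flows whose conntrack entry carries the given mark."""
    return [f for f, m in parse_ip_conntrack(text).items() if m == mark]


# Constructed sample lines in the approximate ip_conntrack layout.
SAMPLE_CONNTRACK = """\
tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=192.0.2.20 sport=40000 dport=22 packets=5 bytes=600 src=192.0.2.20 dst=192.0.2.10 sport=22 dport=40000 packets=4 bytes=500 [ASSURED] mark=9 use=1
udp      17 29 src=192.0.2.10 dst=192.0.2.53 sport=50000 dport=53 packets=1 bytes=60 src=192.0.2.53 dst=192.0.2.10 sport=53 dport=50000 packets=1 bytes=90 mark=0 use=1
"""

if __name__ == "__main__":
    traces, marks, ctmark = run_flow(3)
    for t, m in zip(traces, marks):
        print(t, "packet mark =", m)
    print("ctmark saved:", ctmark)
    print("flows with mark 9:", flows_with_mark(SAMPLE_CONNTRACK, 9))
```

If the rules work as modelled, `flows_with_mark(open("/proc/net/ip_conntrack").read(), 9)` on a real system lists the flows whose first packet traversed the chain; an empty list on a box where traffic is clearly flowing is the symptom Ian reports, and the first thing to confirm is that the running kernel was built with conntrack mark support at all.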