The rule is applied without errors, but counters remain 0 in the second format of the rule (and does not work of course) DB On Thu, 2 Mar 2006, Mpourtounis Dimitrios wrote: > Hi all, > > I am using 2.6.15 kernel, iptables-1.3.5.tar.bz2 and > netfilter-layer7-v2.1.tar.gz patch. > > Is there any possibility the sequence of "matches" is important? > > This one is ok: > iptables -t mangle -A POSTROUTING -m layer7 --l7proto http -m mark > --mark=0x2710 -j MARK --set-mark=0x2711 > > but this one does not match: > iptables -t mangle -A POSTROUTING -m mark --mark=0x2710 -m layer7 > --l7proto http -j MARK --set-mark=0x2711 > > Thanks, > DB > > > >
