Costi wrote:
[ Please don't top post! ]
> Now my problem is like this:
> If I want to connect via ssh to one of the IPs from -d A.B.C.D/X, all
> my packets are set-marked with 2. The rule with -d A.B.C.D/X is
> above the one with ssh.
> Shouldn't the ssh connection to A.B.C.D/X be marked with 1? If not,
> what am I doing wrong?
It IS marked with 1, subsequently overwritten by 2 by the second rule.
> But still, isn't iptables' policy *first rule wins*? From what I know,
> iptables runs with this policy?
No, first rule gets executed first. If that is a rule with a terminal
target, the processing stops there. Otherwise processing continues with
the next rule.
To get what you want, do this:
# create the chain in the mangle table before any rule references it
$IPT -t mangle -N T1
# MARK is non-terminal: set the mark, then ACCEPT so PREROUTING traversal stops
$IPT -t mangle -A T1 -j MARK --set-mark 1
$IPT -t mangle -A T1 -j ACCEPT
# the subnet rule must stay above the generic ssh rule
$IPT -t mangle -A PREROUTING -i $INT_IF -d A.B.C.D/X -j T1
$IPT -t mangle -A PREROUTING -i $INT_IF -p tcp --dport 22 -j MARK --set-mark 2
HTH,
M4
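As an added example (not from the thread above), the corrected mangle ruleset as a script: the user chain is created in the mangle table before it is referenced, the subnet rule stays above the generic ssh rule, and `IPT=echo` gives a dry run so the ordering can be checked before anything touches the firewall. `eth0` and the 192.0.2.0/24 placeholder for A.B.C.D/X are assumptions.

```shell
#!/bin/sh
# Added example: policy marks for ssh traffic into a subnet. A mark that is
# silently overwritten by a later rule sends that traffic down the wrong
# routing path, so the order and termination of these rules matters.
IPT="${IPT:-iptables}"                # set IPT=echo for a dry run
INT_IF="${INT_IF:-eth0}"              # assumed internal interface
DST_NET="${DST_NET:-192.0.2.0/24}"    # placeholder for A.B.C.D/X

mark_rules() {
    # Create the chain first; an -A ... -j T1 rule fails if T1 does not exist.
    $IPT -t mangle -N T1
    # MARK is non-terminal; ACCEPT inside the user chain ends traversal of
    # PREROUTING, so the ssh rule below never sees packets for DST_NET.
    $IPT -t mangle -A T1 -j MARK --set-mark 1
    $IPT -t mangle -A T1 -j ACCEPT
    # The subnet rule must come before the generic ssh rule.
    $IPT -t mangle -A PREROUTING -i "$INT_IF" -d "$DST_NET" -j T1
    $IPT -t mangle -A PREROUTING -i "$INT_IF" -p tcp --dport 22 \
        -j MARK --set-mark 2
}

# Verify the loaded rules: packet/byte counters show which rule hit.
show_rules() {
    $IPT -t mangle -L PREROUTING -n -v --line-numbers
    $IPT -t mangle -L T1 -n -v
}

# Reads a dry-run listing on stdin; exit 0 when -N T1 precedes the first
# -j T1 reference and the subnet rule precedes the dport 22 rule.
order_is_sane() {
    awk '/-N T1/ && !c {c=NR} /-j T1/ && !u {u=NR}
         /--dport 22/ && !s {s=NR}
         END {exit !(c && u && s && c < u && u < s)}'
}

if [ "${1:-}" = "apply" ]; then
    mark_rules && show_rules
fi
```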