Jan Engelhardt:
>>> You have to mark it in the PREROUTING chain of the mangle
>>> table, to be able to match on it within the PREROUTING chain of
>>> the nat table.
>> Is this also true, if I jump from PREROUTING mangle in a user
>> defined chain and mark my packets there?
>
> Just make sure it gets marked in a table/chain (or subchain
> thereof) before the nat-PREROUTING chain is hit, according to
> http://www.imagestream.com/~josh/PacketFlow-new.png
>

Good stuff, very clear flow! Thank you!
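The ordering discussed in this thread, written out as an added example that is not part of the original messages: a mark set in a user-defined chain reached from mangle PREROUTING, then matched in nat PREROUTING. The chain name `MARK_WEB`, interface `eth0`, port 8080, mark `0x1` and address `192.0.2.10` are constructed placeholders.

```shell
#!/bin/sh
# Added example, not code from the thread. All names and values below
# (MARK_WEB, eth0, 8080, 0x1, 192.0.2.10) are constructed for illustration.

# Print a ruleset in iptables-restore format.
ruleset() {
cat <<'EOF'
*mangle
:PREROUTING ACCEPT [0:0]
:MARK_WEB - [0:0]
# mangle PREROUTING is traversed before nat PREROUTING, and a jump into a
# user-defined chain happens inside that same traversal.
-A PREROUTING -i eth0 -p tcp --dport 8080 -j MARK_WEB
# MARK is non-terminating: the packet returns to PREROUTING with nfmark 0x1.
-A MARK_WEB -j MARK --set-mark 0x1
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
# The mark set above is already on the packet when this rule is evaluated.
# nat rules are consulted only for the first packet of a connection;
# conntrack applies the same translation to the rest of the flow.
-A PREROUTING -m mark --mark 0x1 -p tcp -j DNAT --to-destination 192.0.2.10:80
COMMIT
EOF
}

# Parse and build the ruleset without committing it to the kernel (needs root).
check_ruleset() {
    ruleset | iptables-restore --test
}

# Nothing touches the firewall unless an option is given explicitly.
case "${1:-}" in
    --print) ruleset ;;
    --check) check_ruleset ;;
esac
```

After loading such rules, the packet counters in `iptables -t mangle -L MARK_WEB -v -n` and `iptables -t nat -L PREROUTING -v -n` show whether the marked packets reach the nat rule.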