> How can I detemine whether or not a iptables set-mark operation > is working? iptables -t mangle -nvL shows packets matching the > rules with the set-mark. However, with a tcpdump -vvv -i > <interface> > I can not see the mark. I am looking at the tos field, and I > don't see a tos field matching the marks I am trying to set. Did you try to match the mark in a subsequent rule and LOG the packet when the rule hits? See also man iptables: mark This module matches the netfilter mark field associated with a packet (which can be set using the MARK target below). --mark value[/mask] Matches packets with the given unsigned mark value (if a mask is specified, this is logically ANDed with the mask before the comparison). Grts, Rob - To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
