Is there a way with tcpdump to verify that the marks are actually getting set though?

Casey

----- "Matt Zagrabelny" <mzagrabe@xxxxxxxxx> wrote:
> On Fri, 2008-02-22 at 14:40 -0800, Casey Scott wrote:
> > Ultimately, I am trying to mark packets for a tc filter. Should I
> > not be using the iptables set-mark to do that?
>
> I think set-mark is fine for that.
>
> I suggest marking some packets in the prerouting chain and then logging
> them in input chain. Something like the following:
>
> $iptables --table mangle --append PREROUTING \
>   --in-interface $in_interface \
>   --destination $host --jump MARK --set-mark $mark_integer
>
> $iptables --table filter --append INPUT \
>   --in-interface $in_interface \
>   --match mark --mark $mark_integer --jump LOG
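
One way to read the result of the LOG rule suggested in the quoted reply, as an added example that is not part of the original thread. It assumes the LOG target's output includes a MARK=0x<hex> field for packets with a non-zero mark; the log lines are constructed samples, and count_marks and mark_seen are hypothetical helper names.

```shell
#!/bin/sh
# Added example: summarise the MARK= field in iptables LOG lines.
# Assumption: LOG output carries "MARK=0x<hex>" for packets with a non-zero
# mark, so a decimal --set-mark 10 shows up in the log as MARK=0xa.

# Constructed sample kernel log lines (documentation address ranges).
sample_log() {
cat <<'EOF'
Feb 22 15:02:11 gw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=60 TTL=64 PROTO=TCP SPT=40000 DPT=22 SYN URGP=0 MARK=0x5
Feb 22 15:02:12 gw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=52 TTL=64 PROTO=TCP SPT=40000 DPT=22 ACK URGP=0 MARK=0x5
Feb 22 15:02:13 gw kernel: IN=eth0 OUT= SRC=192.0.2.20 DST=192.0.2.1 LEN=84 TTL=64 PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1 MARK=0xa
Feb 22 15:02:14 gw kernel: IN=eth0 OUT= SRC=192.0.2.30 DST=192.0.2.1 LEN=84 TTL=64 PROTO=ICMP TYPE=8 CODE=0 ID=9 SEQ=1
Feb 22 15:02:15 gw kernel: eth0: link up
EOF
}

# count_marks: read log lines on stdin and print "<mark> <count>" per
# distinct mark; LOG lines without a MARK= field are counted as "unmarked".
# Lines that are not LOG output (no IN= field) are ignored.
count_marks() {
    awk '
        /IN=/ {
            mark = "unmarked"
            for (i = 1; i <= NF; i++)
                if ($i ~ /^MARK=0x[0-9a-fA-F]+$/)
                    mark = tolower(substr($i, 6))
            seen[mark]++
        }
        END { for (m in seen) print m, seen[m] }
    ' | LC_ALL=C sort
}

# mark_seen MARK: succeed if any logged packet on stdin carried MARK.
# MARK may be decimal (as passed to --set-mark) or 0x-prefixed hex; it is
# normalised to the hex form that appears in the log.
mark_seen() {
    want=$(printf '0x%x' "$1") || return 2
    count_marks | awk -v w="$want" '$1 == w { found = 1 } END { exit !found }'
}

sample_log | count_marks
```

On a live system the input would come from the kernel log (for example `dmesg | count_marks`) instead of sample_log.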