[...]

>> What about using the nat table to add your mark on a whole connection
>> instead of using the mangle table ?
>
> Using the nat table to 'simulate' -m conntrack --ctstate NEW, that's
> just a gross hack IMO. Oh and as soon as you start using IPv6,
> there is no nat, so do not even think of doing it :p

Ok, thanks for your point of view, I did not think about that.
I am going to change some stuff :)!

---
Franck Joncourt
http://www.debian.org/ - http://smhteam.info/wiki/