"Eric B." <ebenze@xxxxxxxxxxx> wrote in message news:ftj951$3cv$1@xxxxxxxxxxxxxxxx > "Jan Engelhardt" <jengelh@xxxxxxxxxxxxxxx> wrote in message > news:alpine.LNX.1.10.0804090612580.2229@xxxxxxxxxxxxxxxxxxxxxxxxxxxx > Do the ip rules based on the fwmark work on the individual packet's mark > value or the conntrack mark, or both? If both (as what it seems), why do you bother with the --restore-mark in the PREROUTING chain, if the connection is already marked anyhow? And if not, then why do you not have a --restore-mark in both the FORWARD and OUTPUT chains? Thanks, Eric -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
