Hello list.

I've got a question about the CONNMARK target. Is it possible to mark a whole connection by playing with this parameter?

What I want is: when a packet arrives at port 6900 UDP of the firewall, mark it with 0x99, and when the response packet arrives back from the DMZ interface of the firewall, it is marked again with 0x99. I want to mark only packets arriving from one interface of the firewall, and the response must be marked too, "dynamically".

I can mark all outgoing packets with src port 6900 UDP coming from the DMZ iface, but that's not what I want to do, because I want to route packets back through the corresponding inet iface that those UDP packets came in on.

Then I can do something like:

    ip rule add fwmark 0x99 lookup table2

Is this possible?

Regards
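
One way to get the behaviour asked about above, shown as an added example that is not part of the original post: the mark is stored on the conntrack entry when the flow starts and copied back onto reply packets before the routing decision. The interface names eth1 (inet side) and eth2 (DMZ) are assumptions, and table2 is assumed to already hold a default route via the matching uplink; the port, mark and table name come from the post.

```shell
#!/bin/sh
# Added example. Interface names are assumptions; override via the environment.
INET_IF="${INET_IF:-eth1}"   # assumed: the inet uplink whose flows get tagged
DMZ_IF="${DMZ_IF:-eth2}"     # assumed: the DMZ interface replies come back on
MARK=0x99                    # from the post
PORT=6900                    # from the post
TABLE=table2                 # from the post; must be defined in rt_tables

# Print the commands one per line so they can be reviewed before being applied.
connmark_rules() {
    # 1. First packet of a flow arriving on the chosen uplink:
    #    store the mark on the conntrack entry, not just on this packet.
    echo "iptables -t mangle -A PREROUTING -i $INET_IF -p udp --dport $PORT -m conntrack --ctstate NEW -j CONNMARK --set-mark $MARK"
    # 2. Replies entering from the DMZ: copy the connection mark onto the
    #    packet in mangle/PREROUTING, which runs before the routing decision.
    #    Flows that came in on another uplink have connmark 0 and stay unmarked.
    echo "iptables -t mangle -A PREROUTING -i $DMZ_IF -p udp --sport $PORT -j CONNMARK --restore-mark"
    # 3. Policy routing: marked packets use the table for that uplink.
    echo "ip rule add fwmark $MARK lookup $TABLE"
}

# Apply only when explicitly requested (needs root); default is a dry run.
if [ "${APPLY:-0}" = 1 ]; then
    connmark_rules | sh -e
else
    connmark_rules
fi
```

Run it as is to review the three commands, or with APPLY=1 as root to install them.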