Michael wrote:
So I will have to implement some rules in the filter table.
Or in the mangle table.
As far as I can tell, though, the only way to share a quota counter between rules in the nat table and filter table is to implement it in userspace. Is this correct?
If you mean share the quota result with other rules, you can use the MARK target to mark packets in the mangle table and test the packet mark with the mark match in other tables/chains.
# mark the packet if the quota is not exceeded
iptables -t mangle -A PREROUTING -m quota [...] -j MARK --set-mark 1
# test the mark
iptables -t nat -A PREROUTING -m mark [!] --mark 1 [...]
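To show the mark-and-match pattern from the reply as one complete rule set, here is an added example script (not from the original message or from the netfilter project). It keeps the single quota counter in mangle/PREROUTING and lets two consumers read the resulting mark: a DNAT rule in the nat table and a DROP rule in filter/FORWARD. The interface name eth0, the 1 GiB quota, the mark bit 0x1 with mask 0x1, and the DNAT target 10.0.0.10 are all constructed values for the example; the IPT variable exists so the same functions can print the rules instead of loading them.

```shell
#!/bin/sh
# Added example: one quota counter in the mangle table, shared with the nat and
# filter tables through a packet mark. Assumed values: eth0, 1 GiB, mark 0x1/0x1.
# IPT defaults to iptables; set IPT=echo to print the rules instead of loading them.
IPT=${IPT:-iptables}
IFACE=eth0                 # assumed ingress interface
QUOTA_BYTES=1073741824     # assumed quota: 1 GiB of traffic before the counter runs out
MARK=0x1
MASK=0x1                   # touch only one mark bit so other users of the mark keep theirs

quota_rules() {
    # mangle/PREROUTING holds the only quota counter. The quota match succeeds
    # (and decrements its counter) while bytes remain, so only under-quota
    # packets get the mark bit set.
    $IPT -t mangle -A PREROUTING -i "$IFACE" -m quota --quota "$QUOTA_BYTES" \
        -j MARK --set-xmark "$MARK/$MASK"
    # nat/PREROUTING: only marked packets are redirected (constructed target address).
    # The nat table only sees the first packet of a connection, so the decision
    # is taken once per connection, at the time that packet arrives.
    $IPT -t nat -A PREROUTING -i "$IFACE" -m mark --mark "$MARK/$MASK" \
        -p tcp --dport 80 -j DNAT --to-destination 10.0.0.10:80
    # filter/FORWARD: packets without the mark (quota exhausted) are dropped.
    $IPT -A FORWARD -i "$IFACE" -m mark ! --mark "$MARK/$MASK" -j DROP
}

show_quota() {
    # -v shows the remaining quota on the match, -x prints exact byte counters
    $IPT -t mangle -L PREROUTING -v -x -n
}

case "${1:-}" in
    apply) quota_rules ;;
    show)  show_quota ;;
esac
```

Run it as `sh quota-mark.sh apply` to load the rules and `sh quota-mark.sh show` to watch the counter; `IPT=echo sh quota-mark.sh apply` prints the exact commands without touching the kernel. The quota counter lives in the rule, so flushing or reloading the mangle table starts it from the full value again; the mask on both MARK and the mark match keeps the quota bit independent of any other mark bits already in use on the box.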