> John Lister wrote:
> > I thought local packets went through this chain
> > mangle(OUTPUT) -> nat (OUTPUT) -> OUTPUT -> routing decision -> mangle
> > (POSTROUTING) -> nat (POSTROUTING)
> Actually there is an initial routing decision when the packet is created,
> before the OUTPUT chains, in order to select the output interface and
> source address. Also after "nat (OUTPUT)" it should be "filter (OUTPUT)".

Ah, that sort of makes sense... I'd assumed the source address wasn't set
until the routing decision later in the list...

I'd shortened it without the filter part as you don't need to specify the
table :)

> [...]
> > iptables -t mangle -A OUTPUT -m mark --mark 0 -m state --state
> > -j MARK --set-mark 111
> Isn't something missing in that rule?

I'm guessing you mean the statistic bit? It isn't needed as the first will
have set the mark to be non-zero, but I guess it should be there for
consistency...

> Also, I can see no iptables rule setting mark 222.

Cut and paste error, last line should be 222.
Thanks
John
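The rule set the thread is circling around, as an added example that is not John's or the list's own code: it assumes the two marks are used to spread new outgoing connections over two uplinks (eth1/eth2, gateways 192.0.2.1 and 198.51.100.1, and routing tables 111/222 are assumed names), and it carries the consequence of the traversal order discussed above, that the source address is already fixed by the time mangle OUTPUT runs.

```shell
#!/bin/sh
# Added example, not from the thread: a complete version of the marking
# rules discussed above, with the --state argument and the statistic match
# present, plus the policy-routing side that consumes marks 111 and 222.
# Assumed names: uplinks eth1/eth2 with gateways 192.0.2.1 and 198.51.100.1
# (documentation addresses), and routing tables 111 and 222 already listed
# in /etc/iproute2/rt_tables. IPT/IP can be overridden for a dry run.
IPT="${IPT:-iptables}"
IP="${IP:-ip}"

mark_rules() {
    # Packets of an existing connection get its saved mark back first, so a
    # flow stays on the uplink it started on.
    "$IPT" -t mangle -A OUTPUT -j CONNMARK --restore-mark
    # Only still-unmarked packets of NEW connections reach these two rules:
    # every second one gets 111, the rest fall through to 222.
    "$IPT" -t mangle -A OUTPUT -m mark --mark 0 -m state --state NEW \
        -m statistic --mode nth --every 2 --packet 0 -j MARK --set-mark 111
    "$IPT" -t mangle -A OUTPUT -m mark --mark 0 -m state --state NEW \
        -j MARK --set-mark 222
    # Remember the choice on the conntrack entry for the rest of the flow.
    "$IPT" -t mangle -A OUTPUT -m state --state NEW -j CONNMARK --save-mark
}

route_rules() {
    "$IP" rule add fwmark 111 table 111
    "$IP" rule add fwmark 222 table 222
    "$IP" route add default via 192.0.2.1 dev eth1 table 111
    "$IP" route add default via 198.51.100.1 dev eth2 table 222
    # The source address was chosen at the initial routing decision, before
    # mangle OUTPUT ran; the re-route triggered by the mark only changes the
    # interface, so the source must be rewritten in nat POSTROUTING.
    "$IPT" -t nat -A POSTROUTING -o eth1 -j MASQUERADE
    "$IPT" -t nat -A POSTROUTING -o eth2 -j MASQUERADE
}
```

Run `mark_rules; route_rules` as root to install the rules, or with `IPT=echo IP=echo` set first to only print the commands.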