Jan Engelhardt wrote:
> There is your mark-1 packet, and right above it is the ESTABLISHED
> rule that catches all the other packets that have this condition,
> including those marked 1 which are subsequent in the IKE talk
>

Right you are. I messed around with the order of the rules and noticed that the packets were in fact getting marked. It turns out I misdiagnosed the problem which seems to actually be with the vpn software not encapsulating the packets.

Thanks for your time.

Sincerely,
Dennison Williams