Hi!

> You can add rule connmarking traffic to 0x10 at the end of nat
> postrouting chain and drop everything with that connmark in filter
> forward chain. First packet of the filtered flows would get through but
> everything would be axed.

That's a neat trick, but still I believe there should be a simple way
to do egress filtering. Would a patch adding a POSTROUTING chain
to the raw table, positioned after all other chains, be welcome?

Have a nice fortnight
--
Martin `MJ' Mares <mj@xxxxxx> http://mj.ucw.cz/
Faculty of Math and Physics, Charles University, Prague, Czech Rep., Earth
"Please try to fit your code to 80 columns. That's decimal 80." -- A. Morton