On Sun, 2011-02-20 at 15:13 +0000, E2IA wrote:
> Hi all, I'd like to know if it is possible to mark a packet and accept it in
> a single iptables rule.

There shouldn't be any need to do this.

> I've these 2 rules:
>
> /usr/local/sbin/iptables -t mangle -A FORWARD -m layer7 --l7proto yahoo -j MARK --set-mark 74
> /usr/local/sbin/iptables -t mangle -A FORWARD -m mark --mark 74 -j ACCEPT
>
> but it seems that the second rule is never matched.

The second rule *should* be matched. What makes you think that it is not?

Remember: a packet ACCEPTed in one chain can be DROPped later.

It might be worth you posting your complete set of rules.

Andy
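
Whether the second rule matches can be read from the per-rule packet counters. The script below is an added example, not part of the original thread: it parses `iptables-save -c` style output and reports the counters of every rule that sets or tests a given mark. The ruleset is a constructed sample (including a hypothetical filter-table DROP rule), and a real `iptables-save` may print the mark differently (for example in hexadecimal), so adjust the value passed in.

```shell
#!/bin/sh
# Constructed sample in `iptables-save -c` format: [packets:bytes] precedes each rule.
# The mangle rules are the two from the thread; the filter rules are hypothetical.
sample_ruleset() {
cat <<'EOF'
*mangle
:FORWARD ACCEPT [1200:96000]
[37:2960] -A FORWARD -m layer7 --l7proto yahoo -j MARK --set-mark 74
[37:2960] -A FORWARD -m mark --mark 74 -j ACCEPT
COMMIT
*filter
:FORWARD DROP [0:0]
[0:0] -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
[37:2960] -A FORWARD -m mark --mark 74 -j DROP
COMMIT
EOF
}

# mark_rule_counters MARK
# Reads a counter-annotated ruleset on stdin and prints one line per rule that
# sets or matches MARK: "<table> <chain> <target> <packets>".
mark_rule_counters() {
    awk -v mark="$1" '
        /^\*/ { table = substr($0, 2); next }     # "*mangle" -> current table
        /^\[/ {                                   # rule line with counters
            split(substr($1, 2), c, ":")          # c[1] = packet count
            chain = ""; target = ""; hit = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "-A") chain  = $(i + 1)
                if ($i == "-j") target = $(i + 1)
                if (($i == "--mark" || $i == "--set-mark") && $(i + 1) == mark)
                    hit = 1
            }
            if (hit) print table, chain, target, c[1]
        }'
}

# On a live system (as root): iptables-save -c | mark_rule_counters 74
sample_ruleset | mark_rule_counters 74
```

In the sample, the mangle ACCEPT rule has the same packet count as the MARK rule, so it is matching; the same 37 packets are then dropped in the filter table, which is the case Andy's reminder describes.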