On Tue, 2012-06-26 at 11:38 +0300, Oguz Yilmaz wrote:
> Hi
>
> I use connmark in the raw table. Please look at the following -L output.
> At the beginning of the chain I copy the packet mark to the connection. -m
> mark matches packets. However, -m connmark does not match. It is clearly
> visible from the packet counters.
> How can we explain this?

I'm guessing this is because the raw table is traversed before connection tracking. See:

http://upload.wikimedia.org/wikipedia/commons/3/37/Netfilter-packet-flow.svg

Andy

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
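As an added example (not part of the thread, and not the poster's ruleset): a small Python check that scans an iptables-save style dump for connmark/conntrack-dependent matches and targets placed in the raw table, which is the pitfall Andy points at, since raw PREROUTING/OUTPUT run before conntrack has attached a connection to the packet. The ruleset below is constructed for illustration.

```python
import re

# Constructed sample in iptables-save format; the raw table contains the
# same kind of rules the poster described, the mangle table the working form.
SAMPLE_RULES = """\
*raw
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -j MARK --set-mark 0x1
-A PREROUTING -j CONNMARK --save-mark
-A PREROUTING -m connmark --mark 0x1 -j ACCEPT
-A PREROUTING -p udp --dport 53 -j CT --notrack
COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
-A PREROUTING -j CONNMARK --restore-mark
-A PREROUTING -m connmark --mark 0x1 -j ACCEPT
COMMIT
"""

# Matches and targets that need a conntrack entry to do anything useful.
# "-j CT" and "-j NOTRACK" are deliberately excluded: they belong in raw.
CONNTRACK_DEPENDENT = re.compile(
    r"(-m\s+connmark|-j\s+CONNMARK|-m\s+conntrack|-m\s+state)\b"
)

HINT = ("raw table runs before connection tracking; this rule will not match or "
        "will have no effect. Move it to the mangle table (e.g. mangle PREROUTING).")


def find_raw_conntrack_rules(dump):
    """Return [(rule, hint)] for every raw-table rule that depends on conntrack."""
    table = None
    findings = []
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):          # "*raw", "*mangle", ... starts a table
            table = line[1:]
        elif line == "COMMIT":            # end of the current table
            table = None
        elif table == "raw" and line.startswith("-A") and CONNTRACK_DEPENDENT.search(line):
            findings.append((line, HINT))
    return findings


if __name__ == "__main__":
    for rule, hint in find_raw_conntrack_rules(SAMPLE_RULES):
        print(f"{rule}\n    -> {hint}")
```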