Very nice!! Can you share this code by any chance?

Eliezer

On 1/15/2013 8:37 PM, Sebastian Poehn wrote:
Thanks Eliezer. You are right. Creating an ipset containing all routes is the only thing you can do in PREROUTING. As this solution is not usable for me, I ended up writing a small piece of code that takes a packet from NFQUEUE, performs a nexthop and outgoing-interface lookup, and sets a fwmark accordingly.

    # copy the fwmark set by the NFQUEUE helper into the conntrack mark
    -m mark --mark LOCAL -j CONNMARK --set-mark LOCAL
    -m mark --mark WIDE -j CONNMARK --set-mark WIDE
    # later packets of the flow match on connmark, so the helper is not consulted again
    -m connmark --mark LOCAL -j ACCEPT
    -m connmark --mark WIDE -j TPROXY
    # unmarked traffic goes to the userspace helper for the route lookup
    -m TPROXYTRAFFIC -j NFQUEUE

Notice the usage of connmark so only one lookup is needed for a stream.
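Sebastian did not post his helper in this thread, so the following is an added example of the NFQUEUE side of that design, not his code. It shows the part the rules above leave to userspace: pulling the IPv4 destination out of the queued packet, doing a longest-prefix-match route lookup, and turning the outgoing interface into a LOCAL or WIDE fwmark. The routing table, the interface names, the mark values 0x1/0x2 and the queue number 0 are all assumptions; a real helper would query the kernel FIB (for example over rtnetlink) instead of a static table. The wiring under `__main__` uses the python-netfilterqueue binding and needs root plus the `-j NFQUEUE` rule to be in place; everything above it runs offline on a constructed packet.

```python
"""Userspace NFQUEUE helper: route-lookup a packet's destination and derive a
fwmark (LOCAL or WIDE) from the outgoing interface. Added example, not the
code from the netfilter thread."""
import ipaddress
import struct
from dataclasses import dataclass
from typing import Iterable, Optional

# Assumed mark values; they stand in for the LOCAL/WIDE symbols in the rules.
MARK_LOCAL = 0x1
MARK_WIDE = 0x2


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    nexthop: Optional[ipaddress.IPv4Address]  # None for a directly connected net
    oif: str                                  # outgoing interface


# Constructed routing table standing in for the kernel FIB (assumption).
ROUTES = (
    Route(ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_address("203.0.113.1"), "wan0"),
    Route(ipaddress.ip_network("192.168.1.0/24"), None, "lan0"),
    Route(ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_address("192.168.1.254"), "lan0"),
    Route(ipaddress.ip_network("10.0.5.0/24"), ipaddress.ip_address("203.0.113.2"), "wan0"),
)
# Interfaces whose traffic should be marked WIDE (and hence TPROXY'd); assumption.
WIDE_IFACES = frozenset({"wan0"})


def lookup_route(dst, routes: Iterable[Route] = ROUTES) -> Optional[Route]:
    """Longest-prefix match: the most specific route containing dst wins."""
    dst = ipaddress.ip_address(dst)
    best = None
    for r in routes:
        if dst in r.prefix and (best is None or r.prefix.prefixlen > best.prefix.prefixlen):
            best = r
    return best


def mark_for_dst(dst, routes=ROUTES, wide_ifaces=WIDE_IFACES) -> int:
    """Map the route's outgoing interface to a fwmark; 0 means leave unmarked."""
    r = lookup_route(dst, routes)
    if r is None:
        return 0  # no route: set no mark, so neither ACCEPT nor TPROXY rule fires
    return MARK_WIDE if r.oif in wide_ifaces else MARK_LOCAL


def ipv4_dst(payload: bytes) -> Optional[ipaddress.IPv4Address]:
    """Destination address from a raw IPv4 packet as NFQUEUE hands it over."""
    if len(payload) < 20 or payload[0] >> 4 != 4:
        return None  # truncated or not IPv4 (e.g. IPv6 queued by mistake)
    return ipaddress.IPv4Address(payload[16:20])


def mark_for_payload(payload: bytes, routes=ROUTES, wide_ifaces=WIDE_IFACES) -> int:
    dst = ipv4_dst(payload)
    if dst is None:
        return 0
    return mark_for_dst(dst, routes, wide_ifaces)


def build_ipv4_header(src: str, dst: str, proto: int = 6) -> bytes:
    """Constructed minimal 20-byte IPv4 header (checksum left at 0) for testing."""
    return struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
        ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed,
    )


if __name__ == "__main__":
    # Requires root and the -j NFQUEUE rule; queue number 0 is an assumption.
    from netfilterqueue import NetfilterQueue

    def handle(pkt):
        mark = mark_for_payload(pkt.get_payload())
        if mark:
            pkt.set_mark(mark)
        # NF_REPEAT re-runs the hook so the packet re-traverses the chain and hits
        # the "-m mark ... -j CONNMARK --set-mark" rules; whether the original
        # helper used repeat() or accept() is not stated in the thread.
        pkt.repeat()

    nfq = NetfilterQueue()
    nfq.bind(0, handle)
    try:
        nfq.run()
    finally:
        nfq.unbind()
```

Only the first packet of each flow reaches the helper; the CONNMARK rules then answer for the rest of the stream, which is the point of the connmark trick in the rules above. The helper deliberately returns 0 for unroutable or non-IPv4 packets so that they fall through unmarked rather than being silently treated as LOCAL.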