According to the graph at Wikipedia (http://imageshack.us/scaled/thumb/29/iptablesb.png), in OUTPUT the nat table is processed before AND after filter (2 times). I want to utilize this second time:

    iptables -t filter -A OUTPUT -d 1.2.3.4 -j DROP
    iptables -t nat -A OUTPUT -p tcp -m owner --uid-owner abc -j DNAT --to 127.0.0.1:121

Does not work because nat is executed before filter.

    iptables -t filter -A OUTPUT -d 1.2.3.4 -j DROP
    iptables -t filter -A OUTPUT -m owner --uid-owner abc -j CONNMARK --set-mark 0x1234
    iptables -t nat -A OUTPUT -p tcp -m connmark --mark 0x1234 -j DNAT --to 127.0.0.1:121

I think that should work. It does not. What am I missing? Please help :(