Hi Noel,

Thanks, I didn't know about that sysctl. However, as far as I see this sysctl only covers the scenario in which the mark is copied, and it's system-wide, not linked to a specific iptables rule, so my main problem is still present, that is, I cannot mark packets generated by a REJECT target with a specific mark.

Still, I can try to re-work the whole configuration of the system having in mind that sysctl.

Pau Espin Pedrol

2016-12-12 17:04 GMT+01:00 Noel Kuntze <noel@xxxxxxxxxxxxxxxxx>:
> Hello Pau
>
> On 12.12.2016 12:37, Pau Espin Pedrol wrote:
>> Any thoughts on this?
>
> Your whole email is unnecessary, because there is already a setting for it. Look at fwmark_reflect[1]
>
> [1] https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt
>
> --
>
> Mit freundlichen Grüßen/Kind Regards,
> Noel Kuntze
>
> GPG Key ID: 0x63EC6658
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658