On 12.12.2016 18:07, Pau Espin Pedrol wrote: > that is, I cannot mark packets generated by > a REJECT target with a specific mark. You shouldn't rejects any different than the original responses anyway, so it's not a problem, because you don't have to treat them different than the original packets that caused them. And you can still route and mark local (including ones that were caused by -j REJECT) packets. Look at the graph[1]. [1] http://inai.de/images/nf-packet-flow.png -- Mit freundlichen Grüßen/Kind Regards, Noel Kuntze GPG Key ID: 0x63EC6658 Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
Attachment:
signature.asc
Description: OpenPGP digital signature
