MATT-NFT <matt-nft@xxxxxxxxxxxx> wrote:
> I'm reading all of the nft wiki but it's still not clear to me how to
> configure the nft mangle options.
> With iptables I'm successful using these ip commands
> # ip rule add fwmark 5 table 50
> # ip route add default via 10.0.x.y table 50
>
> And then create the iptables mangle rule:
> # iptables -A PREROUTING -t mangle -i ethX -s 192.168.x.y -p TCP --dport 80 -j MARK --set-mark 5
>
> How would I do this with nft?

You can use iptables-translate:

# iptables-translate -A PREROUTING -t mangle -i ethX -s 192.168.0.1 -p TCP --dport 80 -j MARK --set-mark 5
nft add rule ip mangle PREROUTING iifname "ethX" ip saddr 192.168.0.1 tcp dport 80 counter meta mark set 5

You can adapt that to your needs, e.g. adjust saddr, change iifname,
omit 'counter', etc.
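
Added example (not part of the original messages): `nft add rule` only succeeds if the `mangle` table and `PREROUTING` chain already exist, because nftables has no built-in tables. The ruleset file below creates them at the priority iptables' mangle table uses (-150) and carries the translated rule; the file name `mangle-mark.nft` is an assumption.

```nft
# Added example; load with: nft -f mangle-mark.nft   (file name is an assumption)
# Table and chain names follow the iptables-translate output above.

table ip mangle {
    chain PREROUTING {
        # Base chain on the prerouting hook. -150 is the priority of
        # iptables' mangle table, so the mark is set before the routing
        # decision that "ip rule add fwmark 5 table 50" relies on.
        type filter hook prerouting priority -150; policy accept;

        # Translated rule: mark TCP/80 from 192.168.0.1 arriving on ethX.
        iifname "ethX" ip saddr 192.168.0.1 tcp dport 80 counter meta mark set 5
    }
}

# Policy routing stays as in the original question (run separately, outside nft):
#   ip rule add fwmark 5 table 50
#   ip route add default via 10.0.x.y table 50
```

`nft list table ip mangle` shows the rule's counter, which confirms whether packets are matching before you debug the routing side.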