Hi, We have a specific scenario where we need to use conntrack zones along with connmarks. In our tests we saw that connmarks are fully restored in mangle table, but we need them available in raw table in order to assign the corresponding zone: eg: iptables -t raw -I PREROUTING -j CONNMARK --restore-mark iptables -t raw -A PREROUTING -m mark --mark 2 -j CT --zone 2 Sadly, we haven't been able to make this work, by looking at the TRACE log, the mark is not restored in raw table, but in mangle table. Since mangle table already happens after conntrack processing, we cannot assign the zone. Any idea how we can approach this? Thanks,
