Hi everyone.

I am writing the last part of my scripts to use nftables instead of iptables. The last task is the load balancing between 2 internet links.

I have read this paper about load balancing (thanks Laura 80) ):
https://netdevconf.info/1.1/proceedings/papers/Load-balancing-with-nftables.pdf

and these about conntrack:
https://superuser.com/questions/1277697/making-routing-decisions-based-on-uid-using-nftables
https://wiki.nftables.org/wiki-nftables/index.php/Setting_packet_metainformation

If I have this situation:

            |-------------| ------wan1 ------
 ----lan----|  Firewall   |
            |-------------| ------wan2 -------

I believe that I'll have to use iproute2 + nftables + mangle + ctmark for lan packages and applications that reside on the firewall, because I can't break connections between the lan and the internet (suppose that on the lan I have a user accessing home banking (port 443/tcp)). In this situation I must consider that all traffic from this connection goes in/out through the same link.

Am I correct?

Thanks for your time.
Best regards
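
The connection-pinning layout asked about above, as an added example that is not part of the original post: the link is chosen once per new connection, saved in the conntrack mark, and copied back to every later packet so iproute2 always picks the same WAN. The interface names (lan0, wan1, wan2), the marks 0x1/0x2, the table numbers 101/102 and the `<gw1>`, `<gw2>`, `<lan-net>` placeholders are assumptions.

```nftables
# Added example; every name and number here is an assumption, not from the post.
# Routing side (iproute2), one table per link, selected by packet mark:
#   ip route add default via <gw1> dev wan1 table 101
#   ip route add default via <gw2> dev wan2 table 102
#   ip route add <lan-net> dev lan0 table 101    # repeat for table 102
#   ip rule add fwmark 0x1 lookup 101
#   ip rule add fwmark 0x2 lookup 102

table ip multiwan {
    chain prerouting {
        type filter hook prerouting priority mangle; policy accept;

        # Connection opened from the internet: remember the arrival link
        # so the replies leave through it.
        iifname "wan1" ct state new ct mark set 0x1
        iifname "wan2" ct state new ct mark set 0x2

        # Only LAN traffic that will be forwarded needs a routing mark.
        iifname != "lan0" accept
        fib daddr type local accept

        # Known connection: copy the saved mark back onto the packet.
        ct mark != 0 meta mark set ct mark accept

        # New connection: alternate between marks 1 and 2, then save the
        # choice in conntrack for the rest of the connection.
        ct state new meta mark set numgen inc mod 2 offset 1 ct mark set meta mark
    }

    chain output {
        # A "route" chain repeats the routing lookup when the mark changes,
        # which covers applications running on the firewall itself.
        type route hook output priority mangle; policy accept;
        oifname != { "wan1", "wan2" } accept
        ct mark != 0 meta mark set ct mark accept
        ct state new meta mark set numgen inc mod 2 offset 1 ct mark set meta mark
    }

    chain postrouting {
        # Source address must match the link that was finally chosen.
        type nat hook postrouting priority srcnat; policy accept;
        oifname { "wan1", "wan2" } masquerade
    }
}
```

With strict reverse-path filtering (`rp_filter=1`) replies arriving on the WAN that is not the main-table default may be dropped, so this kind of setup is usually run with loose mode (`rp_filter=2`) on the WAN interfaces.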