Hello list,

I have two lines in the iptables PREROUTING mangle table to split up traffic from even and odd IP numbers:

-s 10.32.24.0/23 -j CONNMARK --set-mark 0x1001
-s 10.32.24.0/255.255.254.1 -j CONNMARK --set-mark 0x1000

But I noticed that rules in this order do not work (everything gets 0x1001):

-s 10.32.24.0/255.255.254.1 -j CONNMARK --set-mark 0x1000
-s 10.32.24.0/23 -j CONNMARK --set-mark 0x1001

So I assume the CONNMARK rules are not end rules (hit = exit). Is that correct?

R.

-- 
richard lucassen
http://contact.xaq.nl/
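The rule-order behaviour described in the post above, modelled in Python as an added example that is not part of the original message. It applies the `-s address/mask` comparison (including the non-contiguous mask 255.255.254.1) and walks the two rules under both a non-terminating and a first-match-exits model; the names `matches`, `traverse`, `ALL_23`, `EVEN`, `WORKING` and `REVERSED` are this example's own, and the sample addresses are constructed.

```python
import ipaddress


def ip(text):
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(text))


def matches(src, net, mask):
    """Source match as iptables does it: compare only the bits set in the mask.
    The mask does not have to be contiguous, so 255.255.254.1 also tests the
    lowest bit of the last octet (0 = even address)."""
    return ip(src) & ip(mask) == ip(net) & ip(mask)


# The two rules from the post as (network, mask, mark). /23 is 255.255.254.0.
ALL_23 = ("10.32.24.0", "255.255.254.0", 0x1001)
EVEN = ("10.32.24.0", "255.255.254.1", 0x1000)

WORKING = [ALL_23, EVEN]    # order the post reports as working
REVERSED = [EVEN, ALL_23]   # order the post reports as marking everything 0x1001


def traverse(src, rules, terminating):
    """Walk the rules top to bottom and return the final connection mark.
    terminating=False: a matching rule sets the mark and traversal continues,
    so a later match overwrites it. terminating=True: first match exits."""
    mark = 0
    for net, mask, value in rules:
        if matches(src, net, mask):
            mark = value
            if terminating:
                break
    return mark


if __name__ == "__main__":
    # Constructed sample sources: two even, two odd, one outside the /23.
    samples = ["10.32.24.4", "10.32.24.5", "10.32.25.6", "10.32.25.7", "10.32.26.4"]
    for name, rules in (("working", WORKING), ("reversed", REVERSED)):
        for src in samples:
            cont = traverse(src, rules, terminating=False)
            stop = traverse(src, rules, terminating=True)
            print(f"{name:8} {src:11} non-terminating={cont:#06x} first-match={stop:#06x}")
```

Only the non-terminating column reproduces both observations in the post: even/odd split in the first order, 0x1001 for every address in the second.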