Hi Richard,

On Thu, 7 Jul 2022 15:17:39 +0200
Richard Lucassen <mailinglists@xxxxxx> wrote:

> Hello list,
>
> I have two lines in the iptables PREROUTING mangle table to split up
> traffic from even and odd ip numbers:
>
> -s 10.32.24.0/23 -j CONNMARK --set-mark 0x1001
> -s 10.32.24.0/255.255.254.1 -j CONNMARK --set-mark 0x1000
>
> But I noticed that rules in this order do not work (everything
> gets 0x1001):
>
> -s 10.32.24.0/255.255.254.1 -j CONNMARK --set-mark 0x1000
> -s 10.32.24.0/23 -j CONNMARK --set-mark 0x1001
>
> So I assume the CONNMARK rules are not end rules (hit = exit)
>
> Is that correct?

Yes, it is. This could be confirmed by inspecting the rule counters or
by using the TRACE target.

-- 
Kerin Millar
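
The behaviour confirmed in this thread, modelled as an added example that is not part of the original messages: a small Python simulation of the two rules in both orders, showing the non-contiguous netmask match and the effect of a non-terminating target on the final mark and on per-rule hit counters. The sample source addresses are constructed, and the model assumes one packet per source and no other rules in the chain.

```python
import ipaddress

# The two rules from the thread as (network, netmask, mark).
SLASH23 = ("10.32.24.0", "255.255.254.0", 0x1001)  # -s 10.32.24.0/23
EVEN = ("10.32.24.0", "255.255.254.1", 0x1000)     # even addresses only
ORDER_WORKING = [SLASH23, EVEN]
ORDER_BROKEN = [EVEN, SLASH23]

# Constructed sample sources: even, odd, even in the upper /24, unrelated.
SAMPLES = ["10.32.24.10", "10.32.24.11", "10.32.25.4", "192.0.2.1"]


def _int(addr):
    return int(ipaddress.IPv4Address(addr))


def matches(src, net, mask):
    """-s match: only the bits set in the mask are compared."""
    return (_int(src) & _int(mask)) == (_int(net) & _int(mask))


def final_mark(src, rules):
    """Walk the whole chain; CONNMARK sets the mark and does not stop."""
    mark = 0
    for net, mask, value in rules:
        if matches(src, net, mask):
            mark = value  # non-terminating: traversal continues
    return mark


def hit_counts(sources, rules):
    """Per-rule hit counters, one packet per source."""
    return [sum(matches(s, net, mask) for s in sources)
            for net, mask, _ in rules]


if __name__ == "__main__":
    for name, rules in (("working", ORDER_WORKING), ("broken", ORDER_BROKEN)):
        print(name, "counters:", hit_counts(SAMPLES, rules))
        for src in SAMPLES:
            print(f"  {src:<12} -> {final_mark(src, rules):#06x}")
```

In the second order both rules still register hits for even addresses, which is what the rule counters would show on a live system; the later /23 rule simply overwrites the mark.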