Re: MARK and CONNMARK

[Brian <brian@xxxxxxxxxxxxxxxxxxxxxxxx>]

still I am having some unexpected results

if I do


iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
iptables -t mangle -A POSTROUTING -m mark  --mark 3 -j ACCEPT
iptables -t mangle -A POSTROUTING -o eth41  -j MARK --set-mark 3
iptables -t mangle -A POSTROUTING -j CONNMARK --save-mark

then

iptables -t mangle --list
yields

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
CONNMARK   0    --  anywhere             anywhere            CONNMARK 
restore
ACCEPT     0    --  anywhere             anywhere            MARK match 0x3
MARK       0    --  anywhere             anywhere            MARK set 0x3
CONNMARK   0    --  anywhere             anywhere            CONNMARK save

so it looks like it is ignoring the -o eth41 in the mark statement. It 
appears to be working right, but looks not right...

how can  I see the -o eth41 in the iptables -t mangle --list command or 
can I not



regards

Brian


Jan Engelhardt wrote:
> On Thursday 2008-07-17 08:56, Brian Austin wrote:
>
>   
> > Hi,
> >
> > sorry to hijack the thread a little bit... Just say I want to mark the
> > connections based on the network they are coming from/going to... does this
> > look appropriate?
> >     
>
> See http://dev.medozas.de/NF-Cookbook.txt (item 5) for a cooked 
> approach.
>   
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html