RE: AW: How to mark packet by reqid?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 
Hi

First of all, sorry for the previous posts. After taking some time off and
giving this a fresh look, I realized I did not only do some copy and paste
errors for these mails, but also my focus for the correct matching
conditions was that fixed, that I totally overlooked having "-D" instead of
"-A" in some of my commands. Obviously they didn't work...

My sincere apologies for that.

Now, I got the following working:

iptables -t mangle -A PREROUTING --proto esp -m esp --espspi 0xc522b7f3 -j
MARK --set-mark 1

I tried to transform that to 

iptables -t mangle -A PREROUTING --proto esp -m policy --spi 0xc522b7f3 -j
MARK --dir in --set-mark 1

But then it does not work anymore. Is there any fundamental difference
between those conditions that I do not understand?
Note: My original target was to use reqid instead of spi, because I can fix
the reqid and the filewall rules should be independent of IKE...

Regards,
  Steffen

Attachment: smime.p7s
Description: S/MIME cryptographic signature

[Linux Netfilter Development]     [Linux Kernel Networking Development]     [Linux Networking Development]     [Linux Kernel Development]     [Linux Resources]     [LARTC]     [Bugtraq]     [Consulting]     [Free Internet Dating]     [Yosemite Forum]     [Photo]

Add to Google Powered by Linux