dangerous? Setting mark in nat table

Amin Azez azez at ufomechanic.net
Tue Mar 13 16:25:25 CET 2007


I want to set a mark (-j MARK) in the nat table based on dnat'ing done.

This means changing the ipt_mark kernel module, at least for my own
consumption.

Are there any overpowering reasons why I should not do this, or even why
it should not be done at all?

I have powerful reasons which finally centre on the fact that the mark
is too small to use as a means of joining condition fragments spread
over different places.

(Is this also a good time to bring up why mangle and filter should not
be merged?)

Sam
