how to match connection tracker's flows?
Eric Leblond
regit at inl.fr
Wed Nov 3 20:05:29 CET 2004
On Wed, 2004-11-03 at 20:17 +0200, Abraham van der Merwe wrote:
> Hi!
>
> If I add
>
> # rules to track ftp
> iptables -t mangle -A POSTROUTING -p tcp -j CONNMARK --restore-mark
> iptables -t mangle -A POSTROUTING -p tcp -m mark ! --mark 0 -j RETURN
If packets are marked they return and so leave mangle, so if CONNMARK works
they leave mangle.
> # a rule to see how much ftp traffic is matched
> iptables -t mangle -A POSTROUTING -m mark --mark 2
This line is never reached if CONNMARK works.
BR,
--
Eric Leblond <regit at inl.fr>