Marking packets: order is important?
Arrizabalaga, Saioa
sarrizabalaga at ceit.es
Thu Sep 16 10:51:16 CEST 2004
I am analysing the script written in the ADSL-Bandwith-Management-HOWTO
I found in www.tldp.org.
It marks all the packets depending on the ports they use, for example:
iptables -t mangle -A MYSHAPER-OUT -p tcp --dport 0:1024 \
-j MARK --set-mark 23 # Default for low port traffic
iptables -t mangle -A MYSHAPER-OUT -p tcp --dport 20 \
-j MARK --set-mark 26 # ftp-data port, low prio
But as far as I can see, the packet that matches the second rule,
matches the first rule as well, so, I guess that when this packet is
marked by the first rule (--set-mark 23), follows the chain, sees that
it also matches the second rule and then it is marked again with the new
value(--set-mark 26).
I would like someone to confirm this. If all this is true, the most
specific rules should be placed at the end, am I right?
Regards,
Saioa Arrizabalaga
More information about the netfilter
mailing list