is this the zillionth mail asking for this detail?

Jozsef Kadlecsik kadlec at blackhole.kfki.hu
Thu Jul 21 15:15:28 CEST 2005


On Thu, 21 Jul 2005, /dev/rob0 wrote:

> Edmundo Carmona wrote:
> > I don't think I'm that smart to be the first to need this feature...
> > so I hope I'm the ONE vote that flips the balance to convince
> > netfilter developers that this is indeed <i>good and necessary</i>.
>
> I am not sure we have developers posting here regularly. I've seen
> Harald Welte, but not often. I just looked and see that Jozsef
> Kadlecsik, who does post here, is on the Core Team.

Just as time permits, alas...

> > Maybe a new chain could be used to do some PREROUTING actions (like
> > marking) before the routing decision is made for output traffic.
>
> Is there any reason you can't use mangle/PREROUTING or nat/PREROUTING
> for what you need? What would filter/PREROUTING provide that those do
> not? In fact, although I don't do anything with mangle, I thought
> marking was in mangle territory.

The original post was about locally generated packets and OUTPUT chain.

There's no need for extra hooks, because the routing engine is called
after the OUTPUT chain as well:

local process -> routing -> OUTPUT chain -> routing -> POSTROUTING chain

No problem with policy routing for the locally generated traffic.

Best regards,
Jozsef
-
E-mail  : kadlec at blackhole.kfki.hu, kadlec at sunserv.kfki.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary



More information about the netfilter mailing list