I need help with "CONNMARK --set-mark"

Adrian Turcu adrian.turcu at gmvinteractive.com
Thu Apr 14 15:25:06 CEST 2005

Hi Filip,

On Thu 14 Apr 2005 14:09, Filip Sneppe wrote:
> I haven't followed this in great detail either, but I do know that
> some people reported problems with the firewall MARK in combination
> with tc filter ... fwmark on the LARTC mailing list. I do remember someone
> explicitly using a u32 mark match too.
> I don't know what the details were, but could you give a different kernel
> a try ? Sorry, I thought I kept the exact mail thread in my mailbox, but I
> must have deleted it... You may want to check the LARTC archives for more
> info.
> So try a different kernel first, if the problem persists and you're
> convinced that this is a bug, you may want to take this to the -devel
> mailing list, where the author of the CONNMARK patch also hangs out.
> Regards,
> Filip

I have tried with 2 different kernels 2.6.10 and and 2 different 
iptables 1.3.0 and 1.3.1.  The behaviour is the same, most of the time the 
CONNMARK does not work.
I posted the kernel with 1.3.1 iptables, 'cause I intend to use the 
latest stable versions for both.

I cannot say if this is a bug or not after reading through the message posted 
by Jason. Although, if you go to the link posted by Jason, it looks like the 
options of setting/saving the marks that CONNMARK has, they don't work as 
most people will expect to (set mark to the connection and _save_ it 
afterward inside the connetion, not resetting to zero and save it).

I can post the original message to the devel list, maybe I'll get a different 
twist from the author (if still there)


More information about the netfilter mailing list