Hello Alejandro,
The MARK target always returns a CONTINUE verdict internally, so the packet
will match the next rule as well.
You may append another rule that either RETURNs or ACCEPTs the packet.
Regards,
Padam
Alejandro Ramos Encinosa wrote:
Hi all!!
I was trying to figure out how iptables marks work. I thought that a packet
could just be marked once into a chain (if the packet matches the criteria,
then the action is applied, and that's all for the packet into this
chain), but I was wrong: I did
iptables -t mangle -A INPUT -i eth0 -j MARK --set-mark 7
iptables -t mangle -A INPUT -i eth0 -j MARK --set-mark 8
and then I did `iptables -t mangle -L -x -v' and I got
Chain INPUT (policy ACCEPT 9565560 packets, 4954706655 bytes)
    pkts    bytes target  prot opt in    out  source    destination
      45    31630 MARK    0    --  eth0  any  anywhere  anywhere     MARK set 0x7
      45    31630 MARK    0    --  eth0  any  anywhere  anywhere     MARK set 0x8
Can someone tell me how can I be sure one packet will just be marked once into
the chain?
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
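
Added example, not part of the original thread: a simplified Python model of one built-in chain (not netfilter code) that shows why both rules in the question count all 45 packets, and how a terminating rule placed after the first MARK keeps the mark at 7. The `traverse`, `rule` and `run` helpers and the packet data are constructed for illustration.

```python
# Simplified model of a single built-in chain such as mangle/INPUT.
# Assumption: only the -i match and the MARK/ACCEPT/DROP/RETURN targets are modelled.
TERMINATING = {"ACCEPT", "DROP", "RETURN"}  # these end traversal of a built-in chain


def traverse(rules, packet, policy="ACCEPT"):
    """Walk the rules in order; return (verdict, final mark) and bump rule counters."""
    mark = 0
    for r in rules:
        if r["in"] != packet["in"]:
            continue                  # criteria do not match, try the next rule
        r["pkts"] += 1                # the pkts column of `iptables -L -v`
        if r["target"] == "MARK":
            mark = r["set_mark"]      # MARK sets the value, then traversal continues
            continue
        if r["target"] in TERMINATING:
            # RETURN in a built-in chain hands the packet to the chain policy
            verdict = policy if r["target"] == "RETURN" else r["target"]
            return verdict, mark
    return policy, mark               # fell off the end of the chain


def rule(target, iface="eth0", set_mark=None):
    """Build one rule with a zeroed packet counter."""
    return {"in": iface, "target": target, "set_mark": set_mark, "pkts": 0}


def run(rules, count=45):
    """Send `count` constructed packets arriving on eth0 through the chain."""
    results = {traverse(rules, {"in": "eth0"}) for _ in range(count)}
    return results, [r["pkts"] for r in rules]


if __name__ == "__main__":
    # The two rules from the question: both match, so the last MARK wins.
    print(run([rule("MARK", set_mark=7), rule("MARK", set_mark=8)]))
    # The reply's suggestion: a terminating rule right after the first MARK.
    print(run([rule("MARK", set_mark=7), rule("ACCEPT"), rule("MARK", set_mark=8)]))
```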