I want to set a mark to act on in the INPUT chain.
iptables -t mangle -A PREROUTING -p tcp --sport $HI_PORTS \
--dport 80 -j CONNMARK --restore-mark
1) I know 1023 is a privileged port and 1025 is not. What is the
case for 1024?
2) Is PREROUTING the right chain? Why or why not?
MEMO: Packet count = 7034
iptables -t mangle -A PREROUTING -p tcp -m mark ! --mark 0 \
-j ACCEPT
3) ACCEPT or RETURN? Why?
4) Does this rule need --sport and --dport?
5) The packet count = 6655 which I think is far too many. Why?
iptables -t mangle -A PREROUTING $MATCH_THIS -j MARK \
--set-mark 0x1
MEMO: Packet count = 10
iptables -t mangle -A PREROUTING -p tcp -m mark ! --mark 0 \
-j CONNMARK --save-mark
6) Does this _really_ cause the entire connection to be marked or just
the packets that match $MATCH_THIS? If it only matches the
$MATCH_THIS packets, is there a way to mark the entire connection?
MEMO: Packet count = 10
Thanks for any help!
--
buck
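The usual mangle/PREROUTING CONNMARK sequence that the rules above are built around, as an added example (not part of the original message): restore the connection's saved mark onto the packet, leave the chain early if one was restored, otherwise classify and copy the packet mark into the conntrack entry so every later packet of that connection inherits it. IPT and the placeholder MATCH_THIS are assumptions; IPT defaults to `echo iptables` so the rule set can be previewed without root.

```shell
#!/bin/sh
# Added example: CONNMARK restore/classify/save pattern in mangle PREROUTING.
# IPT defaults to "echo iptables" so the rules are printed, not installed;
# run with IPT=iptables as root to apply them for real.
IPT="${IPT:-echo iptables}"
# Placeholder match expression; substitute the real classification criteria.
MATCH_THIS="${MATCH_THIS:--p tcp --dport 80}"

connmark_rules() {
    # 1. Copy the mark stored in the conntrack entry (if any) onto this packet.
    $IPT -t mangle -A PREROUTING -j CONNMARK --restore-mark
    # 2. Connection already classified: stop traversing this chain.
    $IPT -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT
    # 3. First packet that satisfies the criteria gets the packet mark.
    $IPT -t mangle -A PREROUTING $MATCH_THIS -j MARK --set-mark 0x1
    # 4. Persist the packet mark in the conntrack entry; subsequent packets
    #    of the same connection are then marked by rule 1 without needing
    #    to satisfy MATCH_THIS themselves.
    $IPT -t mangle -A PREROUTING -m mark ! --mark 0 -j CONNMARK --save-mark
}

# Number of rules emitted (useful for a dry-run sanity check).
rule_count() {
    connmark_rules | grep -c .
}

connmark_rules
```

Run it as-is to see the four rules in order; the save-mark rule must come last, after every MARK rule, or marks set later in the chain are never written to the connection.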