[LARTC] Error in "15.10 Example of full nat solution with QoS"?
Sean Dwyer
sd_linux at earnware.com
Thu Oct 6 03:30:54 CEST 2005
Near the end of section 15.10, the following commands are shown for prioritizing SYN packets:
iptables -t mangle -I PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 0x1
iptables -t mangle -I PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN
Shouldn't the "-I" option really be "-A"? Like so:
iptables -t mangle -A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 0x1
iptables -t mangle -A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN
Won't using "-I" cause these entries to be inserted at the top of the chain, putting the RETURN before the MARK is set? Maybe I'm missing something.
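
Added example, not part of the original message or of the LARTC HOWTO: a constructed POSIX sh model of one chain, so the ordering question above can be checked without touching a live firewall. The helpers `rule`, `load` and `syn_mark` are hypothetical names; they model only where `-I` (no rule number) and `-A` place a rule, and how a matching SYN packet passes MARK (non-terminating) and RETURN (ends traversal of a built-in chain).

```shell
#!/bin/sh
# Constructed model: CHAIN holds rule targets, top of chain first.
CHAIN=""

# rule <-I|-A> <target>: place a rule the way iptables does.
rule() {
    case "$1" in
        -I) CHAIN="$2${CHAIN:+ $CHAIN}" ;;   # -I without a number: becomes rule 1
        -A) CHAIN="${CHAIN:+$CHAIN }$2" ;;   # -A: becomes the last rule
        *)  echo "unsupported flag: $1" >&2; return 1 ;;
    esac
}

# load <flag> <target>...: empty the model, then add targets in command order.
load() {
    flag=$1; shift
    CHAIN=""
    for t in "$@"; do rule "$flag" "$t"; done
}

# syn_mark: print the mark a matching SYN packet carries after the chain.
syn_mark() {
    mark=0x0
    for target in $CHAIN; do
        case "$target" in
            MARK)   mark=0x1 ;;   # sets the mark, traversal continues
            RETURN) break ;;      # built-in chain: stop here, policy decides
        esac
    done
    echo "$mark"
}

# Commands in the order quoted in the post, using -I
load -I MARK RETURN
echo "-I, MARK then RETURN: [$CHAIN] mark=$(syn_mark)"

# Same order, using -A as the post proposes
load -A MARK RETURN
echo "-A, MARK then RETURN: [$CHAIN] mark=$(syn_mark)"

# Keeping -I but issuing the commands in reverse order
load -I RETURN MARK
echo "-I, RETURN then MARK: [$CHAIN] mark=$(syn_mark)"
```

On a real system the resulting order can be confirmed with `iptables -t mangle -L PREROUTING -n --line-numbers`.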