[LARTC] Error in "15.10 Example of full nat solution with QoS"?
Sean Dwyer
sd_linux at earnware.com
Fri Oct 7 19:42:22 CEST 2005
On Wednesday 05 October 2005 18:30, Sean Dwyer wrote:
> Near the end of section 15.10, the following commands are shown for prioritizing SYN packets:
>
> iptables -t mangle -I PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 0x1
> iptables -t mangle -I PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN
>
> Shouldn't the "-I" option really be "-A"? Like so:
>
> iptables -t mangle -A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 0x1
> iptables -t mangle -A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN
>
> Won't using "-I" cause these entries to be inserted at the top of the chain, putting the RETURN
> before the MARK is set? Maybe I'm missing something.
Does anybody who maintains lartc.org read this mailing list?
More information about the LARTC
mailing list