[LARTC] Error in "15.10 Example of full nat solution with QoS"?
Andy Furniss
andy.furniss at dsl.pipex.com
Sun Oct 9 03:02:28 CEST 2005
Sean Dwyer wrote:
> On Wednesday 05 October 2005 18:30, Sean Dwyer wrote:
>
>>Near the end of section 15.10, the following commands are shown for prioritizing SYN packets:
>>
>> iptables -t mangle -I PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 0x1
>> iptables -t mangle -I PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN
>>
>>Shouldn't the "-I" option really be "-A"? Like so:
>>
>> iptables -t mangle -A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 0x1
>> iptables -t mangle -A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN
>>
>>Won't using "-I" cause these entries to be inserted at the top of the chain, putting the RETURN
>>before the MARK is set? Maybe I'm missing something.
>
>
> Does anybody who maintains lartc.org read this mailing list?
I doubt if Bert reads every or maybe any post - I agree about the -I
being wrong. The LARTC hasn't been changed for a while but will be
someday I guess. There is going to be a wiki soon - there is already a
new one for Linux-net http://linux-net.osdl.org/ .
Andy.
More information about the LARTC
mailing list