[LARTC] iptables marks
Nelson Castillo
nelsoneci at gmail.com
Sun Apr 22 02:04:28 CEST 2007
> iptables -t mangle -A INPUT -i eth0 -j MARK --set-mark 7
> iptables -t mangle -A INPUT -i eth0 -j MARK --set-mark 8
>
> and then I did `iptables -t mangle -L -x -v' and I got
>
> Chain INPUT (policy ACCEPT 9565560 packets, 4954706655 bytes)
> pkts bytes target prot opt in out source destination
> 45 31630 MARK 0 -- eth0 any anywhere anywhere MARK set 0x7
> 45 31630 MARK 0 -- eth0 any anywhere anywhere MARK set 0x8
>
> Can someone tell me how can I be sure one packet will just be marked once into
> the chain?

I would try the following (untested) rules:

iptables -t mangle -A INPUT -i eth0 -j MARK --set-mark 7
iptables -t mangle -A INPUT -i eth0 -j RETURN
iptables -t mangle -A INPUT -i eth0 -j MARK --set-mark 8

I guess you will never get the second mark.

Regards,
Nelson.-
--
http://arhuaco.org
http://emQbit.com
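
Added example, not part of the original message and not iptables code: a simplified Python model of how one built-in chain is walked, run over the two rulesets from this thread. The `Rule` class and the function names are hypothetical, and the third ruleset goes beyond the thread by assuming the standard `-m mark --mark 0` match as a guard.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    in_iface: str                    # -i <iface>
    target: str                      # "MARK" or "RETURN"
    set_mark: int = 0                # --set-mark value (MARK only)
    need_mark: Optional[int] = None  # models "-m mark --mark N" if set
    pkts: int = 0                    # per-rule counter, as in "-L -v"

def traverse(chain, iface, mark=0):
    """Walk the chain for one packet and return its final mark."""
    for rule in chain:
        if rule.in_iface != iface:
            continue
        if rule.need_mark is not None and rule.need_mark != mark:
            continue
        rule.pkts += 1
        if rule.target == "MARK":
            mark = rule.set_mark     # non-terminating: traversal continues
        elif rule.target == "RETURN":
            break                    # built-in chain: stop, policy decides
    return mark

def run(chain, packets=45, iface="eth0"):
    """Send constructed packets through; return (marks seen, counters)."""
    marks = {traverse(chain, iface) for _ in range(packets)}
    return marks, [r.pkts for r in chain]

def original():      # the two rules from the quoted question
    return [Rule("eth0", "MARK", 7), Rule("eth0", "MARK", 8)]

def with_return():   # the three rules proposed in the reply
    return [Rule("eth0", "MARK", 7), Rule("eth0", "RETURN"),
            Rule("eth0", "MARK", 8)]

def guarded():       # assumption: each MARK only matches unmarked packets
    return [Rule("eth0", "MARK", 7, need_mark=0),
            Rule("eth0", "MARK", 8, need_mark=0)]

if __name__ == "__main__":
    for build in (original, with_return, guarded):
        print(build.__name__, run(build()))
```

In the model, equal counters on both MARK rules mean every packet hit both rules and left the chain carrying the last mark set; a zero counter on the second MARK rule is what confirms a packet is marked only once.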