iptables mark target

To: debian-firewall@lists.debian.org
Subject: iptables mark target
From: Frank Remetter <sunnyboyfrank@web.de>
Date: Wed, 10 Nov 2004 20:36:05 +0100
Message-id: <200411102036.05717.sunnyboyfrank@web.de>

Hey,

i use the mark target for outbound shaping, but i am not sure, wether the 
chain will be left if a rule matches or not. In other words in which 
direction do i have to set up the rules?
first match apply oder last match?

part of the script:
....
iptables -t mangle -A MYSHAPER-OUT -p icmp -j MARK --set-mark 20               
# ICMP
iptables -t mangle -A MYSHAPER-OUT -p udp -j MARK --set-mark 20                
# UDP
iptables -t mangle -A MYSHAPER-OUT -p tcp --dport ssh -j MARK --set-mark 20    
# ssh
iptables -t mangle -A MYSHAPER-OUT -p tcp --sport ssh -j MARK --set-mark 20    
# ssh
iptables -t mangle -A MYSHAPER-OUT -p tcp --sport 0:1024 -j MARK --set-mark 21 
# low port traffic
iptables -t mangle -A MYSHAPER-OUT -p tcp --dport 0:1024 -j MARK --set-mark 21 
# low port traffic
...

Regards
 Frank

Reply to:

Follow-Ups:
- Re: iptables mark target
  - From: Blair L Strang <bls@nanocorp.net.nz>

Prev by Date: ACK PSH FIN Drops by Netfilter
Next by Date: Re: iptables mark target
Previous by thread: ACK PSH FIN Drops by Netfilter
Next by thread: Re: iptables mark target
Index(es):
- Date
- Thread