which is the logic in this piece of code

iptables -t mangle -A PREROUTING -j IMQ
iptables -t mangle -A PREROUTING -s 1.2.3.4 -j MARK --set-mark 1

and in the imq0 I have a class that handles the packets marked with 1

this works, the question is why?

because I understand that:
the packet first enters the IMQ table, and in the queue, after that it
exits and continues with the next rule in the PREROUTING, which is the
mark.

I must have got it wrong

C

The first line only marks the packet. After it leaves iptables it will enter
IMQ because of the mark.
devik

On Sun, 5 May 2002, Ciprian Niculescu wrote:
> which is the logic in this piece of code
>
> iptables -t mangle -A PREROUTING -j IMQ
> iptables -t mangle -A PREROUTING -s 1.2.3.4 -j MARK --set-mark 1
>
> and in the imq0 I have a class that handles the packets marked with 1
>
> this works, the question is why?
>
> because I understand that:
> the packet first enters the IMQ table, and in the queue, after that it
> exits and continues with the next rule in the PREROUTING, which is the
> mark.

Once again forgot to reply to the list:

Patrick McHardy wrote:
> Ciprian Niculescu wrote:
>
>> which is the logic in this piece of code
>>
>> iptables -t mangle -A PREROUTING -j IMQ
>> iptables -t mangle -A PREROUTING -s 1.2.3.4 -j MARK --set-mark 1
>>
>> and in the imq0 I have a class that handles the packets marked with 1
>>
>> this works, the question is why?
>>
>> because I understand that:
>> the packet first enters the IMQ table, and in the queue, after that it
>> exits and continues with the next rule in the PREROUTING, which is the
>> mark.
>>
>> I must have got it wrong
>>
>> C
>
> hi!
> yes, you got it wrong. the IMQ target only MARKS packets to be enqueued
> later, for incoming packets after passing the mangle table, for outgoing
> after passing ALL tables (filter, mangle & nat).
> IMQ itself is not a table, it's a software device which feeds itself
> packets through netfilter.
> hope that helps.
> bye,
> patrick
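
Added example, not part of the original thread and not IMQ or netfilter code: a simplified Python model of the behaviour described in the replies, where the IMQ target only flags the packet and the enqueue happens after the whole mangle table has been traversed. The device number 0, the class ids 1:10 and 1:99, and all function names are assumptions made for illustration.

```python
"""Simplified model (not kernel code) of deferred enqueueing by the IMQ target."""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Packet:
    src: str
    mark: int = 0
    imq_dev: Optional[int] = None  # set by the IMQ target: "enqueue me later"


# Each rule: (source match or None for any, target, target argument).
# These mirror the two rules from the thread; device number 0 is assumed.
MANGLE_PREROUTING = [
    (None, "IMQ", 0),
    ("1.2.3.4", "MARK", 1),
]

# Hypothetical tc setup on imq0: fwmark 1 goes to class 1:10.
FW_FILTERS = {1: "1:10"}


def traverse(chain, pkt):
    """Walk every rule; neither IMQ nor MARK ends the traversal."""
    for src, target, arg in chain:
        if src is not None and src != pkt.src:
            continue
        if target == "IMQ":
            pkt.imq_dev = arg  # only flags the packet, nothing is queued yet
        elif target == "MARK":
            pkt.mark = arg
    return pkt


def ingress(chain, src, fw_filters, default_class="1:99"):
    """Return the class the packet lands in on the IMQ device, or None."""
    pkt = traverse(chain, Packet(src))
    if pkt.imq_dev is None:
        return None  # never flagged, so it bypasses the IMQ device
    # The enqueue happens here, after the table, so pkt.mark is already final.
    return fw_filters.get(pkt.mark, default_class)


if __name__ == "__main__":
    for src in ("1.2.3.4", "5.6.7.8"):  # constructed sample addresses
        print(src, "->", ingress(MANGLE_PREROUTING, src, FW_FILTERS))
    swapped = list(reversed(MANGLE_PREROUTING))
    print("swapped order ->", ingress(swapped, "1.2.3.4", FW_FILTERS))
```

In this model the order of the two rules does not change the result, which is why the configuration in the question works.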