Ming-Ching Tiew
2004-May-31  07:21 UTC
skip other iptables marking if packet is already marked
I have many iptables setmark commands, but as soon as there is one match, I would like to skip all the rest. How to do this?

-------not-working-not-mark-zero-is-not-accepted---------
iptables -t mangle -A PREROUTING ..... -j MARK --set-mark .....
iptables -t mangle -A PREROUTING -m MARK ! --mark 0 -j ACCEPT
iptables -t mangle -A PREROUTING ..... -j MARK --set-mark .....
iptables -t mangle -A PREROUTING -m MARK ! --mark 0 -j ACCEPT
iptables -t mangle -A PREROUTING ..... -j MARK --set-mark .....
--------------------end-----------------------------------

Since it is not working, I changed it to the following. Assuming I have AND-ed all the marks together to obtain the MASK,

iptables -t mangle -A PREROUTING ..... -j MARK --set-mark .....
iptables -t mangle -A PREROUTING -m MARK ! --mark MASK/MARK -j ACCEPT
iptables -t mangle -A PREROUTING ..... -j MARK --set-mark .....
iptables -t mangle -A PREROUTING -m MARK ! --mark MASK/MARK -j ACCEPT
iptables -t mangle -A PREROUTING ..... -j MARK --set-mark .....

Wonder if it will work?

My next question is: should I use -j ACCEPT or -j RETURN?

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Anton Glinkov
2004-May-31  08:18 UTC
Re: skip other iptables marking if packet is already marked
> I have many iptables setmark commands, but as soon
> as there is one match, I would like to skip all the rest.
> How to do this.

-- cut --

> Wonder if it will work ?
> My next question is should I use -j ACCEPT or -j RETURN ?

-j RETURN

iptables -t mangle -A <chain> <rule 1> -j MARK --set-mark <mark 1>
iptables -t mangle -A <chain> <rule 1> -j RETURN
iptables -t mangle -A <chain> <rule 2> -j MARK --set-mark <mark 2>
iptables -t mangle -A <chain> <rule 2> -j RETURN
iptables -t mangle -A <chain> <rule 3> -j MARK --set-mark <mark 3>
iptables -t mangle -A <chain> <rule 3> -j RETURN

You must enter two lines with the same rule for each mark.
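
The paired MARK/RETURN layout from the reply above, as an added example that is not part of the original thread: a small generator that emits both lines from a single match spec, so the two copies of each rule cannot drift apart. The chain name MARK_FIRST and the three match specs are constructed for illustration; the script only prints the commands and does not run iptables.

```shell
#!/bin/sh
# Added example: print (not run) the paired MARK/RETURN rules for a
# first-match-wins marking chain in the mangle table.

CHAIN=MARK_FIRST   # hypothetical user-defined chain name

# One class per line, "<mark>|<iptables match spec>", in priority order.
# These match specs are constructed sample values.
RULES='1|-p tcp --dport 22
2|-p tcp --dport 80
3|-s 192.0.2.0/24'

gen_mark_rules() {
    # Create the chain and send PREROUTING traffic through it.
    echo "iptables -t mangle -N $CHAIN"
    echo "iptables -t mangle -A PREROUTING -j $CHAIN"
    # MARK is a non-terminating target: the packet keeps traversing the
    # chain after it. Each match spec is therefore emitted twice, once to
    # set the mark and once to RETURN to PREROUTING before a later rule
    # can overwrite the mark.
    printf '%s\n' "$RULES" | while IFS='|' read -r mark spec; do
        [ -n "$mark" ] || continue
        echo "iptables -t mangle -A $CHAIN $spec -j MARK --set-mark $mark"
        echo "iptables -t mangle -A $CHAIN $spec -j RETURN"
    done
}

# Print the commands for review; pipe the output to "sh" as root to apply.
gen_mark_rules
```

Because the rules live in a user-defined chain, RETURN hands the packet back to PREROUTING, so any rules placed after the jump still see the marked packet.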