Re: iptables breakage WAS(Re: dummy as IMQ replacement

From: Andy Furniss <andy.furniss@xxxxxxxxxxxxx>
Date: Fri, 25 Mar 2005 20:42:41 +0000

Patrick McHardy wrote:
> Andy Furniss wrote:
>
>> iptables -A POSTROUTING -t mangle -j CONNMARK --set-mark 1
>> iptables -A INPUT -t mangle -m mark --mark 1
>> tc qdisc add dev eth0 ingress
>> tc filter add dev eth0 parent ffff: protocol ip prio 6 u32 match ip src 0/0 flowid 1:1 action ipt -j CONNMARK --restore-mark
>>
>> It doesn't mark the packets.
>
> With tc actions the ingress qdisc gets packets before connection
> tracking, so CONNMARK doesn't have a connection tracking entry to

Ahh - Thanks, I misunderstood talk of being able to mark connections earlier in this thread and thought it was hooking after conntrack.


