Sean Dwyer wrote:
On Wednesday 05 October 2005 18:30, Sean Dwyer wrote:
Near the end of section 15.10, the following commands are shown for
prioritizing SYN packets:
iptables -t mangle -I PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j
MARK --set-mark 0x1
iptables -t mangle -I PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j
RETURN
Shouldn't the "-I" option really be "-A"? Like so:
iptables -t mangle -A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j
MARK --set-mark 0x1
iptables -t mangle -A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j
RETURN
Won't using "-I" cause these entries to be inserted at the top of the chain,
putting the RETURN
before the MARK is set? Maybe I'm missing something.
Does anybody who maintains lartc.org read this mailing list?
I doubt if Bert reads every or maybe any post - I agree about the -I
being wrong. The LARTC hasn't been changed for a while but will be
someday I guess. There is going to be a wiki soon - there is already a
new one for Linux-net http://linux-net.osdl.org/ .
Andy.
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
