Bob Ramstad wrote:
> On 5/11/06, Bob Ramstad <[EMAIL PROTECTED]> wrote:
>> I see 22 connections with mark=1 right now, and 7 with mark=0 right
>> now... and I suspect that if all 22 mark=1 connections were being set
>> to class 50, the system would be behaving as I'd like.
> 
> I really thought I had it, but again, stymied.  I came to the
> conclusion that the connection was being marked, but the packets
> obviously were not... so when I RTFM'd I stumbled on the documentation for
> TEST :C in tcrules for matching a connection mark vs matching a packet
> mark, and modified the last line in my recipe:
> 
> RESTORE:F   -           -               tcp
> CONTINUE:F  -           -               tcp     -       -       -       !0
> 1:F         -           -               ipp2p   ipp2p
> SAVE:F      -           -               tcp     -       -       -       1
> 50          -           -               -       -       -       -       1:C
>

That's because, except for the first p2p packet, all of the rest are
getting packet mark = 1 -- not 50.

Switch the third rule to 50:F and ditch the 5th rule.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

------------------------------------------------------------------------
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/