On Sat, Nov 9, 2019 at 1:48 AM Bill Shirley <b...@ultrapoly.polymerindustries.biz> wrote:
>
> > 10001: from all fwmark 0x2/0xff lookup CAIB
>
> The only thing you need to do is add a rule to the mangle file (PREROUTING
> section) utilizing the SWITCH column to mark all the traffic you want to
> override to CAIB with MARK(2):P near the top. Then it's just a matter of
> issuing:
> echo 1 > /proc/net/nf_condition/override_to_CAIB
> to enable the bypass

Thanks, Bill. I don't know if packet marking several destinations (I have quite a few) is more efficient than adding just one route rule between 2 routing tables.

In any case, I can't try your solution just yet because my kernel or iptables or both do not support conditionals.

# shorewall show capabilities | grep -i condition
Condition Match (CONDITION_MATCH): Not available

I'll try to update asap.

Thanks for the great idea, though.

Vieri