How to action based on marked package in iptables?

Winanjaya · 04-25-2019, 07:13 PM

Hi.

How to action based on marked package or connection in iptables?

Just a simple example:
iptables -t mangle -A PREROUTING -p tcp --dport 22 -j MARK --set-mark 2

This would mark 2 for port 22 destination

My question is:
How to do an action based on mark? From the above scenario, how to drop package based on mark 2?

Need advise

Thanks

berndbausch · 04-26-2019, 05:53 PM

See the description of the mark and connmark extensions in the iptables man page.

Also see the Linux Advanced Routing and Traffic Control HOWTO.

nini09 · 04-29-2019, 03:14 PM

Just a mark or label, not relative to any destination port.