LinuxQuestions.org


vlyamtse 07-13-2012 09:45 AM

using --set-mark in iptables to drop packets -?
 
I learned that iptables can "mark" the packet in the mangle table to change routing decisions for the packet... But what does the "--set-mark" actually change in the IP header, and can it be used to drop the packet?
Thank you,
-V

SuperJediWombat! 07-18-2012 04:13 AM

--set-mark only marks the packet while it is traversing the network stack within the kernel. It does not change any headers or anything else, which means that you will not be able to use the mark to drop the packet once it reaches another box.

You can drop the packet once it reaches the filter table on the same host which marked the packet.
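
The mark-then-drop sequence described in the reply above, as an added example that is not part of the original thread. The function name `mark_and_drop`, the `IPT` dry-run variable, mark `0x1` and TCP port 23 are assumptions chosen for illustration.

```shell
# Added example: set a mark in the mangle table, then drop on that mark in
# the filter table of the same host. The mark lives only in the kernel's
# per-packet metadata, so the match has to happen on the box that set it.
IPT="${IPT:-iptables}"   # set IPT=echo for a dry run that only prints the rules

mark_and_drop() {
    mark="$1"   # firewall mark, decimal or 0x-prefixed hex (sample: 0x1)
    port="$2"   # TCP destination port to mark (sample: 23)

    # Reject anything that is not a plain number before it reaches iptables.
    case "$mark" in
        0x|0x*[!0-9a-fA-F]*) echo "bad mark: $mark" >&2; return 1 ;;
        0x*) ;;
        ''|*[!0-9]*) echo "bad mark: $mark" >&2; return 1 ;;
    esac
    case "$port" in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac

    # mangle/PREROUTING runs before the filter table sees the packet.
    $IPT -t mangle -A PREROUTING -p tcp --dport "$port" \
         -j MARK --set-mark "$mark" || return 1

    # filter/INPUT covers packets addressed to this host,
    # filter/FORWARD covers packets this host routes onward.
    $IPT -t filter -A INPUT   -m mark --mark "$mark" -j DROP || return 1
    $IPT -t filter -A FORWARD -m mark --mark "$mark" -j DROP
}

# Dry run:  IPT=echo; mark_and_drop 0x1 23
# Apply:    mark_and_drop 0x1 23      (needs root)
```

After applying the rules, `iptables -L INPUT -v -n` shows the packet counter on the DROP rule increasing when marked traffic arrives.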

