Using --set-mark in iptables to drop packets?
I learned that iptables can "mark" the packet in the mangle table to change routing decisions for the packet... But what does "--set-mark" actually change in the IP header, and can it be used to drop the packet?
--set-mark only marks the packet while it is traversing the network stack within the kernel. It does not change any headers or anything else, which means that you will not be able to use the mark to drop the packet once it reaches another box.
You can drop the packet once it reaches the filter table on the same host which marked the packet.
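Worked example of the answer above (added here, not part of the original post): a MARK rule in the mangle table's PREROUTING chain tags packets from one source, and a `-m mark` match in the filter table drops them on the same host. The source subnet 192.0.2.0/24 and the mark value 0x1 are assumptions chosen for illustration; the script only emits the ruleset unless you explicitly call the apply function as root.

```shell
#!/bin/sh
# Added example: mark packets in the mangle table, drop the marked packets in
# the filter table on the SAME host. Subnet and mark value are assumptions.

# Emit a ruleset in iptables-restore format.
# Arguments: source CIDR to mark, mark value (hex or decimal).
build_mark_drop_rules() {
    src="$1"
    mark="$2"
    cat <<EOF
*mangle
:PREROUTING ACCEPT [0:0]
# The mark is stored in the kernel's per-packet metadata (sk_buff), not in
# the IP header, so only later tables/chains on this host can see it.
-A PREROUTING -s ${src} -j MARK --set-mark ${mark}
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
# Drop marked packets whether they are delivered locally or forwarded.
-A INPUT -m mark --mark ${mark} -j DROP
-A FORWARD -m mark --mark ${mark} -j DROP
COMMIT
EOF
}

# Load the ruleset without flushing existing chains. Needs root and
# iptables-restore; not run automatically.
apply_mark_drop_rules() {
    build_mark_drop_rules "$1" "$2" | iptables-restore --noflush
}

# Show per-rule packet counters so you can confirm the mark is being set
# in mangle and matched in filter (needs root).
show_mark_drop_counters() {
    iptables -t mangle -vnL PREROUTING
    iptables -vnL INPUT
    iptables -vnL FORWARD
}

# Usage (as root):
#   apply_mark_drop_rules 192.0.2.0/24 0x1
#   show_mark_drop_counters
```

Two caveats a practitioner should keep in mind: the mark is per packet and is gone as soon as the packet leaves this host (use CONNMARK if you want it to persist across a connection), and if dropping is all you need, a plain `-s 192.0.2.0/24 -j DROP` in the filter table does the job without a mark. The mark pays off when the same classification also has to drive a policy-routing rule (`ip rule add fwmark 0x1 ...`) or when the matching condition is only available in an earlier table.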