Hi. A lot of scripts use no-mark as a connection mark. Is this a special mark or does it just have the meaning you should not add a routing mark?
It’s just a way to test whether a mark has been previously assigned to the item. For example you may have a series of mark rules ordered from more to less specific and each checks for no-mark so as to not overwrite a more specific mark.
Hi thanks. if i understand correct. If you use the no-mark option the rule will not assign the connection a new connection mark if it already has a connection mark?
Have a (unknown 20) connection mark if i look in firewall connection although it appears to be only ospf protocol.
Ah, I see the confusion. There are two places you can use the ‘no-mark’ parameter. One is in the ‘if’ portion of a rule, e.g.:
/ip firewall mangle add action=mark-connection chain=prerouting protocol=ospf connection-mark=no-mark \
new-connection-mark=Alpha passthrough=yes
In this example, we are testing to see if the connection does not have a mark yet and, if so, then we add a new mark ‘Alpha’.
The second place you can use the ‘no-mark’ parameter is in the ‘then’ portion of a rule:
/ip firewall mangle add action=mark-connection chain=prerouting new-connection-mark=no-mark passthrough=yes place-before=0
With this example rule, we are adding a rule at the top of the Mangle chains which removes any connection mark by setting the new connection mark to ‘no-mark’. Since there isn’t an action to remove a mark, we have the nomenclature of setting the value to ‘no-mark’.
Now in your case, you’re seeing “(unknown 20)” because, internally, the router uses integer mark values and RouterOS translates those to the string names we see. However, if you delete all references to a mark type you had previously, the string-to-integer mapping is deleted. In your case, RouterOS has no string mapping for the integer value 20. The example rule setting everything to ‘no-mark’ above will clear those out for you.
Hope that helps.
Thanks. That explains it. Appreciated.