In mangle we have several options to filter traffic.
Example:
;;; http (browsing) conn. mrk
chain=prerouting action=mark-connection new-connection-mark=normal-traffic passthrough=yes protocol=tcp dst-port=80
;;; All "normal" marked con. traffic get packet mark “MED”
chain=prerouting action=mark-packet new-packet-mark=MED passthrough=no connection-mark=normal-traffic
As you can see, I only use one connection mark.
But I see some examples, and in the router “connection state” exists as well. How, and when, do I use these?
Should I mark a connection first with “Connection state=new” and then have a second filter just looking at existing connections with “Connection state=established”?
Any advice on this, with an explanation why, please?
[my QoS works fine at this moment I believe, but to avoid future problems due to growth of traffic flow I want to optimize my QoS as much as possible]
If you use connection-state=new it means that the connection mark is assigned only once, at the time when the first packet arrives. If you don’t have connection-state=new then the connection mark is rewritten every time a packet arrives belonging to a particular connection.
Obviously the first method uses fewer resources.
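To illustrate the reply above, here is an added example (not the poster's own rules, nor MikroTik's): the original two mangle rules with connection-state=new added to the mark-connection rule, plus two console commands to check the result. Rule names and comments are taken from the thread; the verification commands are standard RouterOS console commands assumed for illustration.

```routeros
# Added example, not the forum poster's config. Connection marking is done
# once per flow (connection-state=new); packet marking then keys on the
# connection mark for the whole life of the connection in the tracker.
/ip firewall mangle
# Mark the connection only on its first packet; later packets of the same
# flow are no longer in state "new", so this rule is not evaluated for them.
add chain=prerouting protocol=tcp dst-port=80 connection-state=new \
    action=mark-connection new-connection-mark=normal-traffic passthrough=yes \
    comment="http (browsing) conn. mrk"
# Every packet of a connection carrying the mark gets packet mark MED.
# No connection-state match is needed here: the connection-mark already
# identifies the flow as long as it exists in connection tracking.
add chain=prerouting connection-mark=normal-traffic \
    action=mark-packet new-packet-mark=MED passthrough=no \
    comment="All normal marked con. traffic get packet mark MED"

# Check the effect: with connection-state=new the first rule's packet counter
# should advance once per new HTTP connection, while the second rule's
# counter advances for every packet of those connections.
/ip firewall mangle print stats
# Confirm that tracked connections actually carry the mark.
/ip firewall connection print where connection-mark=normal-traffic
```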
;;; All "normal" marked con. traffic get packet mark “MED”
chain=prerouting action=mark-packet new-packet-mark=MED passthrough=no connection-mark=normal-traffic
As long as this connection exists in the conn tracker, all packets belonging to this connection get the mark “MED”.
For what purpose is the “established” option of conn. state, then? I mean, as long as the connection is there it already gets marked? Is there any need for this “established” option?
I am trying to discover all the finer points of mangle and QoS, but I need some confirmation or other opinions at times to see if my thinking is in the right direction. Please comment.