Connection-bytes not working for web 80 port

Can anyone tell me why Connection-bytes=0-10000 or smaller does not leave this firewall forward chain mark_connection rule? If a download is over 10000 bytes, this rule is still active.
Has anyone experienced this problem?

Thanks

I’m not sure I understand the question.

If you mark a connection based on connection-bytes, that mark stays for the entirety of the connection by design. If you want the connection mark to change after the connection has seen 10000 bytes, you will have to re-mark it based on connection-bytes=10000-0.

Does that help? If not, explain what you’re trying to do and show your mangle ruleset.
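
The re-marking described in the reply above, written out as RouterOS mangle rules. This is an added example, not a ruleset posted in the thread; the mark names `http-first10k` and `http-bulk` and the TCP port 80 matcher are assumptions.

```routeros
# Added example; mark names are assumed, not taken from the thread.
/ip firewall mangle

# Matches only while the connection has carried 0-10000 bytes.
# Once the byte counter passes 10000 this rule stops matching,
# but the connection mark it set earlier stays on the connection.
add chain=forward protocol=tcp dst-port=80 connection-bytes=0-10000 \
    action=mark-connection new-connection-mark=http-first10k passthrough=yes

# Re-mark rule: 10000-0 means "10000 bytes and above"
# (0 as the upper bound stands for unlimited).
# Without this rule the connection keeps the http-first10k mark until it closes.
add chain=forward protocol=tcp dst-port=80 connection-bytes=10000-0 \
    action=mark-connection new-connection-mark=http-bulk passthrough=yes

# Later rules (mark-packet, queues, filters) should match on
# connection-mark=http-first10k or connection-mark=http-bulk,
# not on connection-bytes again.
```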

Thanks,
You solved my problem, and understood it exactly :)
But it is strange: if I use a transparent proxy, then everything works without connection-bytes=10000-0.

Thanks again

When you are proxying (even transparently) there are two connections - one from the client to the proxy, and another one from the proxy to the web server. Not sure about your layout, but maybe that explains things.