hi,
I have a question about IP FIREWALL MANGEL rule handling and about Queue tree handling.
How are these rules handeld?
is it from top to bottem and when one rule matches the other are skipped?
Reason why I ask is because I want more then one mangle rule foor TCP port 80,443 only the source or destionsions are different.
Mangle rules are processed in order, and depending on how the packets are flowing through the router / to the router / from the router, they traverse different chains. Most mangle rules allow you to continue processing the mangle chain even after a match - these rules have a “passthrough” option which you can check - but the thing to be careful of is to not “overwrite” earlier actions with later ones.
e.g. if you perform a connection mark based on some criteria, make sure your “default” rule doesn’t change the connection mark to the default one - in this case, you’d put a criteria on the default “connection-mark=no-mark” to prevent such a thing.