Hi,
I have read the documentation and googled with no result so please can someone brighter than me explain why in Mangle people first mark the connection and then use the connection mark to mark the packet instead of just marking the packets..
The reason I ask is that I have monitored this process and I mark a connection then use this connection mark to mark the packet (not passing through) of a certain port. I then log what is not getting trapped by the above and see the very traffic I am trying to flag - if I just tell it to mark the packet in the first place then this traffic doesn’t come through. this is confusing behaviour for me for starter and I would like to know the reasoning behind marking the connection first and using that to mark the packet before I change the way I am doing things.
As you can see I am not exactly an expert so any help appreciated.