For the rules:
add action=mark-connection chain=prerouting new-connection-mark=conn1 passthrough=no src-address=192.168.2.4
add action=log chain=prerouting connection-mark=conn1 src-address=192.168.2.4
add action=log chain=prerouting log=yes src-address=192.168.2.4
I found that the packet count of rule 2 is always 0, but the count of rule 3 keeps increasing.
So it seems that rule 1 can’t capture all of the packets from the source IP 192.168.2.4.
The expected result is that both rule 1 and rule 3 have a packet count of 0.
The log messages from rule 3 look something like this:
preouting: in:interface1 out:(unknown 0), src-mac 00:0c:11:22:33:44, proto TCP (ACK,RST), 192.168.2.4:4618->xxx.xxx.xxx.xxx:80, len 40
preouting: in:interface1 out:(unknown 0), src-mac 00:0c:11:22:33:44, proto TCP (SYN,ACK), 192.168.2.4:59606->xxx.xxx.xxx.xxx:80, len 60
Is this normal?