Hi,
i have something like this:
chain=prerouting action=mark-packet new-packet-mark=max10 passthrough=no src-address-list=updateblock dst-address-list=!It-List in-interface=ether9
where:
- ether9 is a WAN interface
- updateblock is a list of ips from internet (windows update ips, etc.) to block
- It-List is a list of pcs from local network which i dont want block
and
name="queue1" parent=global packet-mark=max10 limit-at=0 queue=default priority=8 max-limit=10M burst-limit=0 burst-threshold=0 burst-time=0s
I realize that dst adress on ether9 is never from IT-List, thats why its now workin propely. How i can make it work? Any tips?
Best regards