I solved this by putting icmp as the last rule and capturing all tcp and udp traffic before icmp.
But why is the icmp rule catching tcp and udp traffic? I have only one rule (icmp).
Maybe you have an MTU bottleneck somewhere (e.g. due to PPPoE) and all your connections sooner or later
get a “related” ICMP “too big” reply that puts the mark on the connection?
Your comment “ICMP (Ping)” and the idea of marking a connection with “icmp” imho indicate a misunderstanding
of what ICMP is, unfortunately often found on the internet.
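The mechanism described in the reply above, as an added example that is not part of the thread and not the router's own code: a toy model of connection tracking in which an ICMP error message (type 3, e.g. code 4 “fragmentation needed”) is treated as RELATED to the TCP flow whose header it embeds, so a “mark connection if protocol is icmp” rule stamps the TCP connection, and every later TCP packet inherits that mark. The rule order from the first post (tcp and udp rules before icmp) is shown beside the icmp-only order. Rule semantics (first match, only still-unmarked connections), addresses, ports and mark names are all constructed assumptions.

```python
# Added example, not from the forum thread or any router vendor: a simplified
# connection-tracking model to show how a RELATED ICMP error can carry an
# "icmp" connection mark onto a TCP flow. Addresses, ports and mark names
# are constructed.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str                         # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    icmp_type: int = 0                 # only meaningful for proto == "icmp"
    icmp_code: int = 0
    inner: Optional["Packet"] = None   # embedded header of an ICMP error message


def flow_key(p: Packet):
    """Direction-normalised 5-tuple identifying a tracked connection."""
    endpoints = sorted([(p.src, p.sport), (p.dst, p.dport)])
    return (p.proto,) + tuple(endpoints)


def owning_flow(p: Packet):
    """Flow a packet belongs to. ICMP error messages (type 3 'destination
    unreachable', e.g. code 4 'fragmentation needed') carry the header of the
    packet that triggered them; connection tracking classifies them as RELATED
    to that flow instead of giving them an ICMP flow of their own."""
    if p.proto == "icmp" and p.icmp_type == 3 and p.inner is not None:
        return flow_key(p.inner)
    return flow_key(p)


def simulate(rules, packets):
    """rules: ordered (protocol, connection_mark) pairs, applied first-match,
    and only to connections that carry no mark yet (assumed semantics).
    Returns {flow_key: mark} after all packets were processed."""
    marks = {}
    for p in packets:
        flow = owning_flow(p)
        if flow in marks:
            continue                   # later packets inherit the connection mark
        for proto, mark in rules:
            if proto == p.proto:       # the rule matches the packet's own protocol
                marks[flow] = mark
                break
    return marks


# Constructed traffic: a TCP session to a web server, a path-MTU
# "fragmentation needed" error about that session from an upstream router,
# and an ordinary ping.
TCP_SYN = Packet("tcp", "10.0.0.5", "203.0.113.10", 40000, 443)
TCP_DATA = Packet("tcp", "10.0.0.5", "203.0.113.10", 40000, 443)
PMTU_ERR = Packet("icmp", "198.51.100.1", "10.0.0.5",
                  icmp_type=3, icmp_code=4, inner=TCP_SYN)
PING = Packet("icmp", "10.0.0.5", "203.0.113.10", icmp_type=8)
TRAFFIC = [TCP_SYN, PMTU_ERR, TCP_DATA, PING]

ICMP_ONLY = [("icmp", "icmp_conn")]
TCP_UDP_FIRST = [("tcp", "tcp_conn"), ("udp", "udp_conn"), ("icmp", "icmp_conn")]


def tcp_mark(rules):
    """Connection mark the TCP session ends up with under the given rule order."""
    return simulate(rules, TRAFFIC).get(flow_key(TCP_SYN))


if __name__ == "__main__":
    print("icmp rule only      -> TCP session marked:", tcp_mark(ICMP_ONLY))
    print("tcp/udp before icmp -> TCP session marked:", tcp_mark(TCP_UDP_FIRST))
```

With only the icmp rule, the RELATED error packet is the first packet of the TCP flow that any rule matches, so the whole session is marked `icmp_conn`; with the tcp and udp rules ahead of it, the SYN has already marked the session and the ICMP error changes nothing, which is the behaviour the first post observed after reordering. Whether a real PMTU error actually appears depends on the MTU situation the reply mentions, so a packet capture of ICMP type 3 code 4 on the WAN side is the quickest way to confirm this explanation on a live router.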