I have a mangle setup in my router for QoS.
In the forward chain, all kinds of packets are filtered when their connection state = "new", on the bridge port where the traffic enters the router (which is in bridge mode, with "Use IP firewall" enabled).
After marking the connection, the next filters look at these connection marks and give the packets a packet mark, and then the packet leaves the router (passthrough=no).
The last 3 filters are:
add action=mark-connection chain=forward comment="connections not marked yet get conn mark 'low'" connection-mark=no-mark disabled=no in-bridge-port=local new-connection-mark=low passthrough=yes
add action=mark-connection chain=forward comment="packets still without mark get new conn mark 'low'" disabled=no in-bridge-port=local new-connection-mark=low packet-mark=no-mark passthrough=yes
add action=mark-packet chain=forward comment="'low' marked conns get new packet mark 'LOW'" connection-mark=low disabled=no in-bridge-port=local new-packet-mark=LOW passthrough=no
These filters should 'catch' all traffic that is not part of an identified connection and is treated so as to get a "low" mark, so the queue tree gives it the lowest priority.
But if I now look in the connection tracker, I see some 4% of connections without any connection mark.
How come?
And connections without a connection mark actually pass the router with the highest priority, if I remember well. Just the opposite of what I try to achieve…
Anybody with a suggestion?
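For comparison, an added example of a catch-all mangle layout that is not the poster's configuration and not an official MikroTik recommendation. It rests on one assumption about the rules quoted above: every rule carries in-bridge-port=local, so a connection whose packets only ever enter on the other bridge port (for example an inbound connection that the local side never answers) is never matched and stays unmarked; and traffic addressed to the router itself does not traverse the forward chain at all. The bridge port names "local" and "wan" and the chain placement are assumptions for illustration.

```routeros
# Added example, not the original poster's rules. Assumes bridge ports named
# "local" and "wan", use-ip-firewall enabled on the bridge, and that the more
# specific mark-connection rules for identified traffic sit above these.

/interface bridge settings
set use-ip-firewall=yes

/ip firewall mangle
# Catch-all: any forwarded connection that is still unmarked gets conn mark
# "low", whichever bridge port its packets enter on. Deliberately no
# in-bridge-port matcher, so connections first seen from "wan" are covered too.
add chain=forward action=mark-connection connection-mark=no-mark \
    new-connection-mark=low passthrough=yes \
    comment="catch-all: unmarked forwarded connections get conn mark 'low'"

# Packet mark for the queue tree, again without an in-bridge-port matcher so
# both directions of a "low" connection land in the LOW queue.
add chain=forward action=mark-packet connection-mark=low \
    new-packet-mark=LOW passthrough=no \
    comment="'low' conns get packet mark 'LOW'"
```

If, after this change, /ip firewall connection print still shows entries with an empty connection-mark column, the remaining ones are likely connections to or from the router itself (input and output chains); a catch-all in chain=prerouting instead of chain=forward would see those as well, at the cost of also marking management traffic.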