Hi, I’m still confused about how passthrough works, and so far all the articles I read are a little vague.
Let’s say I enable passthrough in a mark connection rule: will the packet ignore all the succeeding rules? Or will it just ignore the rules of the same chain type? Or will it ignore the rules of the same action type?
Any idea?
When you DO use passthrough, rules in that chain from that firewall section (filter/nat/mangle) continue to be evaluated from that point onwards OR if that’s the last rule in the current chain, control is returned back to the originating chain, except in the “root” input/output/forward chains, where if that’s the last rule, checks in that firewall section end.
So f.e. if rule #1 adds one packet mark with passthrough, and rule #2 adds a connection mark with passthrough, by the time you reach rule #3, you have a packet and connection mark you can check against.
In contrast, if you do NOT use passthrough, then the entire chain from that firewall section stops at that rule.
So f.e. the same rules as above, but with no passthrough on #2 means rule #3 is not going to be checked if #2 matched.
Passthrough = Yes: Packet continues down the list of rules after this rule
Passthrough = No: Packet leaves the Mangle after this rule and is not affected by any of the following mangle rules
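The three-rule scenario from the replies above, as an added example that is not part of the original thread and is not RouterOS code: a simplified Python model of one flat mangle chain. The mark names and the `Rule`, `run_mangle` and `build_rules` helpers are made up for illustration, and jumps to custom chains are not modeled.

```python
from dataclasses import dataclass

@dataclass
class Rule:
    action: str              # "mark-packet" or "mark-connection"
    new_mark: str            # constructed mark name
    passthrough: bool = True
    require: tuple = ()      # (field, value) pairs that must already be set to match

def matches(rule, pkt):
    return all(pkt.get(field) == value for field, value in rule.require)

def run_mangle(rules, pkt):
    """Walk one chain top to bottom; return the numbers of the rules that were checked."""
    checked = []
    for number, rule in enumerate(rules, start=1):
        checked.append(number)
        if not matches(rule, pkt):
            continue         # a rule that does not match never stops the chain
        field = "connection-mark" if rule.action == "mark-connection" else "packet-mark"
        pkt[field] = rule.new_mark
        if not rule.passthrough:
            break            # matched without passthrough: later rules are skipped
    return checked

def build_rules(passthrough_on_rule_2, rule_2_require=()):
    return [
        # Rule 1: packet mark, passthrough on.
        Rule("mark-packet", "pkt_a"),
        # Rule 2: connection mark; passthrough is the setting under test.
        Rule("mark-connection", "conn_a", passthrough=passthrough_on_rule_2,
             require=rule_2_require),
        # Rule 3: only matches if both earlier marks are present.
        Rule("mark-packet", "pkt_b", passthrough=False,
             require=(("packet-mark", "pkt_a"), ("connection-mark", "conn_a"))),
    ]

if __name__ == "__main__":
    for setting in (True, False):
        pkt = {}
        checked = run_mangle(build_rules(setting), pkt)
        print(f"rule 2 passthrough={setting}: checked rules {checked}, marks {pkt}")
```
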
Now I get it.
Thanks.