Hi all.
I have an address list named youtube.
In mangle forward I have a first rule: mark connection cVIDEO if source address list=youtube and connection=new, passthrough=yes.
The second rule is marking in forward video packet if connection mark=cVIDEO, passthrough=no.
The third rule is to mark in forward video packet directly if source address list=youtube.
I expect the first two rules to mark all packets belonging to the youtube address list, but I can see the third rule marking a lot of packets!
Traffic from YouTube (or any website/server) should be marked by the use of the dst-address list. It is your local LAN user that initiates a connection, so the src-address is the IP of the user on your LAN requesting a distant server from YouTube (dst-address).
Hence your first two rules don’t catch anything, because YouTube is not the source of any connection towards your network.
I can complete the circle: if I add a new mangle rule marking “new” connections, connections already open are not marked, and then their packets are not marked.
In this case I first add the rule without “new” connection-state, and after a few seconds I add the “new” filter.
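To make the two points of this thread concrete (the dst-address-list correction from the reply above, and the already-open-connection caveat from the last post), here is an added RouterOS mangle example. It is not configuration posted by anyone in the thread; the address-list contents are a constructed placeholder range, and the rule names cVIDEO, video and youtube are taken from the question.

```routeros
# Added example, not from the thread. The youtube list holds a constructed
# documentation range (203.0.113.0/24), not real YouTube address space.
/ip firewall address-list
add list=youtube address=203.0.113.0/24 comment="constructed placeholder range"

# As posted: matching on src-address-list. The LAN client opens the
# connection, so rule 1 never sees a new connection with a youtube source,
# rule 2 therefore has nothing to match, and rule 3 only marks the reply
# packets coming back from the listed range. That is why rule 3 "marks a lot".
/ip firewall mangle
add chain=forward connection-state=new src-address-list=youtube \
    action=mark-connection new-connection-mark=cVIDEO passthrough=yes \
    comment="never matches: the LAN host is the source of new connections"
add chain=forward connection-mark=cVIDEO \
    action=mark-packet new-packet-mark=video passthrough=no
add chain=forward src-address-list=youtube \
    action=mark-packet new-packet-mark=video passthrough=no \
    comment="matches only the server-to-client direction"

# Corrected: match the destination of the new connection, then mark every
# packet (both directions) that carries the connection mark. Rule 3 is no
# longer needed.
/ip firewall mangle
add chain=forward connection-state=new dst-address-list=youtube \
    action=mark-connection new-connection-mark=cVIDEO passthrough=yes
add chain=forward connection-mark=cVIDEO \
    action=mark-packet new-packet-mark=video passthrough=no
```

Because the first corrected rule only looks at connection-state=new, flows that were already established before the rule existed never receive the connection mark; that is the behaviour the last post describes, and its workaround (add the rule without connection-state first, then add the new filter a few seconds later) is one way to pick those flows up. After applying the rules, checking the packet counters on the mark-connection rule is the quickest way to confirm it is now matching.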