If a connection is already marked, and the next rule matches the connection, will it apply that mark?
Or does new-connection-mark mark connections that are unmarked?
E.g., two WAN interfaces:

add chain=prerouting in-interface=ISP1 connection-mark=no-mark action=mark-connection new-connection-mark=ISP1_conn
add chain=prerouting in-interface=ISP2 connection-mark=no-mark action=mark-connection new-connection-mark=ISP2_conn
add chain=prerouting in-interface=LAN dst-address-type=!local src-address=192.168.1.0/24 action=mark-connection new-connection-mark=ISP1_conn
add chain=prerouting in-interface=LAN dst-address-type=!local action=mark-connection new-connection-mark=ISP2_conn

An incoming connection on ISP2 gets marked with rule 2, it goes to the 192.168.1.0 net, but then outbound packets for this connection would get marked by rule 3 (ISP1). Surely that would not work.
I could not find any docs on semantics of new-connection-mark,
looks to me like the new-connection-mark= implicitly affects only unmarked connections,