Community discussions

 
JohnyB
just joined
Topic Author
Posts: 6
Joined: Thu Mar 21, 2013 11:13 am

Mark packet dont work like expected

Mon Aug 26, 2019 10:54 am

Hi,

i have something like this:
chain=prerouting action=mark-packet new-packet-mark=max10 passthrough=no src-address-list=updateblock dst-address-list=!It-List in-interface=ether9
where:
- ether9 is a WAN interface
- updateblock is a list of ips from internet (windows update ips, etc.) to block
- It-List is a list of pcs from local network which i dont want block
and
name="queue1" parent=global packet-mark=max10 limit-at=0 queue=default priority=8 max-limit=10M burst-limit=0 burst-threshold=0 burst-time=0s
I realize that dst adress on ether9 is never from IT-List, thats why its now workin propely. How i can make it work? Any tips?

Best regards
 
pe1chl
Forum Guru
Forum Guru
Posts: 5927
Joined: Mon Jun 08, 2015 12:09 pm

Re: Mark packet dont work like expected

Mon Aug 26, 2019 11:39 am

Looking at the direction of the traffic you are trying to match you probably need to use out-interface instead of in-interface.
As this is not possible in prerouting you need to re-think your setup.
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1790
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: Mark packet dont work like expected

Tue Aug 27, 2019 10:58 am

What is your goal? What did you expect?

Who is online

Users browsing this forum: MSN [Bot] and 105 guests