Opened 10 years ago
Last modified 5 years ago
#148 new enhancement
add support for marking in PREROUTING/OUTPUT
| Reported by: | Adi Kriegisch | Owned by: | Victor Julien |
|---|---|---|---|
| Priority: | major | Milestone: | undecided |
| Component: | suite | Version: | |
| Keywords: | Cc: |
Description
To allow rule based routing (i.e. use ip rule add fwmark) to influence routing decisions it would be great to extend the marking support already present in Vuurmuur so that packets get their mark in PREROUTING and OUTPUT (for local traffic).
For details see this discussion on vuurmuur-users: http://sourceforge.net/mailarchive/forum.php?thread_name=51531F27.6080402%40vuurmuur.org&forum_name=vuurmuur-users
Change History (3)
comment:1 by , 10 years ago
| Milestone: | undecided → 0.8 |
|---|
comment:2 by , 7 years ago
comment:3 by , 5 years ago
| Milestone: | 0.8 → undecided |
|---|
Note:
See TracTickets
for help on using tickets.
So for input rules, we can add them to mangle table PREROUTING chain. For output rules we already add them to OUTPUT. For forwarding rules, I'm not sure. If we add to PREROUTING, we do loose some matching capabilities AFAIT. E.g. outgoing device won't be available. Also not sure about dest ip matching in relation to NAT.
Can you supply example rules of each type (input/output/forward) and show both the existing and the expected output for each?