Dairinin
n00b
Joined: 03 Feb 2008
Posts: 64
Location: MSK, RF
|
 Posted: Wed Jan 07, 2009 6:26 pm Post subject: kernel 2.6.28, iptables MARK target |
 |
|
I'm having troubles with iptables after kernel upgrade from 2.6.27 line to 2.6.28. My working rules-save script does not work any more. Particulary I'm using some rules wich set MARK for packet, and then in POSTROUTING chain of mangle tables I set one bit in the MARK according to destination network:
| Code: | | iptales -t mangle -A POSTROUTING -o eth1 -d x.x.x.x/y -j MARK --or-mark 0x10 |
The results is this string in rule-save file:
| Code: | | [191021423:261063439591] -A POSTROUTING -d x.x.x.x/y -o eth1 -j MARK --set-xmark 0x10/0x10 |
New kernel stops loading rules and complains about
| Quote: | | iptables v1.4.2: Unknown arg `(null)' |
iptables do not understand --set-xmark for MARK target any more, but it still understand --set-mark (though it cannot help in my case).
As man for iptables states, --or-mark, xor-mark and --and-mark are just macros for --set-xmark, and they do not work either, complaining about my kernel being too old (sic) for theese parameters.
BTW, CONNMARK target, which supports same arguments according to man, does not accept --set-xmark also. |
|
Networking & Security
