Brian J. Murrell wrote:
This seems a very interesting match target. I wonder if all helpers can be used with this match (i.e. is it built into the conntrack framework enough that each conntrack module does not need to specifically add support for it). For example would:pkts bytes target prot opt in out source destination 0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 helper match "sip" MARK set 0x1actually match SIP packets and set the specified (0x1) mark on it?
I don't know. I haven't played with it.
I understand that RELATED packets inherit the mark too, so this should also result in the marking of the RTP streams brokered by the SIP packets, no?
RELATED connections inherit _connection_ marks, not _packet_ marks. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
