Sep 29 14:30:02 cerber netfilter_MWANSL2 IN= OUT=wan1 MAC= SRC=192.168.3.254 DST=80.10.247.48 LEN=411 TOS=00 PREC=0x00 TTL=64 ID=13429 PROTO=UDP SPT=68 DPT=67 LEN=391 UID=0 GID=0 MARK=200
$ grep -Irn MARK= linux-5.8.8/net/
net/ipv6/netfilter/nf_log_ipv6.c:280: /* Max length: 16 "MARK=0xFFFFFFFF " */
net/ipv6/netfilter/nf_log_ipv6.c:282: nf_log_buf_add(m, "MARK=0x%x ", skb->mark);
net/ipv4/netfilter/nf_log_ipv4.c:253: /* Max length: 16 "MARK=0xFFFFFFFF " */
net/ipv4/netfilter/nf_log_ipv4.c:255: nf_log_buf_add(m, "MARK=0x%x ", skb->mark);
Could this be a priority or ordering problem?
# ip rule show
0: from all lookup local
100: from 192.168.3.254 lookup 100 <= culprit
101: from all fwmark 0x100 lookup 100
200: from <mon_ip_orange2> lookup 200
201: from all fwmark 0x200 lookup 200
300: from 192.168.4.254 lookup 300
301: from all fwmark 0x300 lookup 300
500: from 192.168.251.2 lookup 500
501: from all fwmark 0x500 lookup 500
600: from 10.1.194.244 lookup 600
601: from all fwmark 0x600 lookup 600
700: from 10.2.1.242 lookup 700
701: from all fwmark 0x700 lookup 700
900: from 10.3.6.17 lookup 900
901: from all fwmark 0x900 lookup 900
32766: from all lookup main
32767: from all lookup default
When you do: ip rule add fwmark 0x200 lookup 200, it is added at prio 99, but that does nothing. The rule at prio 100 seems to win ...