Provided by: sanewall-doc_1.0.2+ds-2_all

NAME

       sanewall-connmark - set a stateful mark on a connection

SYNOPSIS

       connmark {value | save | restore} chain [rule-params]

DESCRIPTION

       The connmark helper command sets a mark on a whole connection. It applies to both
       directions.

           Note
           To set a mark on packets matching particular rules, regardless of any connection, see
           mark config helper: sanewall-mark(5).

       The value is the mark value to set (a 32-bit integer). If you specify save then the mark
       on the matched packet will be turned into a connmark. If you specify restore then the
       matched packet will have its mark set to the current connmark.

       The chain will be used to find traffic to mark. It can be any of the iptables built-in
       chains belonging to the mangle table. The chain names are: INPUT, FORWARD, OUTPUT,
       PREROUTING and POSTROUTING. The names are case-sensitive.

       The rule-params define a set of rule parameters to match the traffic that is to be marked
       within the chosen chain. See optional rule parameters: sanewall-rule-params(5) for more
       details.

       Any connmark commands will affect all traffic matched. They must be declared before the
       first router or interface.

EXAMPLES

       Consider a scenario with 3 Ethernet ports, where eth0 is on the local LAN, eth1 connects
       to ISP 'A' and eth2 to ISP 'B'. To ensure traffic leaves via the same ISP it arrived
       from, you can mark the traffic:

           # mark connections when they arrive from the ISPs
           connmark 1 PREROUTING inface eth1
           connmark 2 PREROUTING inface eth2

           # restore the mark (from the connmark) when packets arrive from the LAN
           connmark restore OUTPUT
           connmark restore PREROUTING inface eth0

       It is then possible to use commands from iproute2, such as ip, to pick the correct
       routing table based on the mark on the packets.
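
       The routing side of the scenario above, as an added example that is not part of the
       Sanewall documentation. The table numbers (101, 102) and gateway addresses
       (documentation ranges) are assumptions; the marks and interfaces match the connmark
       rules shown above.

```shell
#!/bin/sh
# Added example: iproute2 policy-routing commands that consume the marks
# set by the connmark rules (mark 1 = ISP A on eth1, mark 2 = ISP B on eth2).
# Assumed, not from the man page: table ids 101/102 and both gateway
# addresses (constructed, taken from documentation address ranges).

# Emit the commands for one uplink.
#   $1 mark (same value as in the connmark rule)
#   $2 routing table id   $3 outgoing interface   $4 next-hop gateway
uplink_cmds() {
    mark=$1 table=$2 iface=$3 gw=$4
    # The mark is a 32-bit integer. Unmarked packets carry mark 0, so a
    # rule on fwmark 0 would catch all unmarked traffic: refuse it.
    case $mark in
        ''|*[!0-9]*) echo "invalid mark: $mark" >&2; return 1 ;;
    esac
    if [ "$mark" -eq 0 ] || [ "$mark" -gt 4294967295 ]; then
        echo "mark out of range: $mark" >&2
        return 1
    fi
    # Each table holds only a default route. That is sufficient here because
    # the mark is restored only on packets from the LAN (eth0) and on locally
    # generated packets, i.e. on traffic heading back out to an ISP.
    echo "ip route replace default via $gw dev $iface table $table"
    echo "ip rule add fwmark $mark table $table"
}

# Both uplinks of the three-port scenario.
multi_isp_cmds() {
    uplink_cmds 1 101 eth1 192.0.2.1 &&
    uplink_cmds 2 102 eth2 198.51.100.1
}

# Dry run by default: print the commands for review.
# Run with APPLY=1 as root to execute them.
if [ "${APPLY:-0}" = 1 ]; then
    multi_isp_cmds | sh -e
else
    multi_isp_cmds
fi
```

       After applying, ip rule show and ip route show table 101 confirm that each mark selects
       the intended table.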

SEE ALSO

           Sanewall program: sanewall(1)
           Sanewall configuration: sanewall.conf(5)
           mark config helper: sanewall-mark(5)
           administration tool for IPv4 firewalls: iptables(8)
           show / manipulate routing, devices, policy routing and tunnels: ip(8)
           Linux Advanced Routing & Traffic Control HOWTO[1]

AUTHOR

       Sanewall Team

COPYRIGHT

       Copyright © 2012, 2013 Phil Whineray <phil@sanewall.org>

NOTES

        1. Linux Advanced Routing & Traffic Control HOWTO
           http://www.lartc.org/lartc.html