Provided by: firehol-doc_2.0.3+ds-1_all bug


       firehol-mark - mark traffic for traffic shaping tools


       mark value chain rule-params


       The  mark  helper  command  sets  a mark on packets that can be matched by traffic shaping
       tools for controlling the traffic.


              To set a mark on whole connections, see firehol-connmark(5).  There is also a  mark
              parameter    which   allows   matching   marks   within   individual   rules   (see

       The value is the mark value to set (a 32 bit integer).

       The chain will be used to find traffic to mark.  It can be any of the iptables(8) built in
       chains  belonging  to  the  mangle  table.   The  chain names are: INPUT, FORWARD, OUTPUT,
       PREROUTING and POSTROUTING.  The names are case-sensitive.

       The rule-params define a set of rule parameters to match the traffic that is to be  marked
       within the chosen chain.  See firehol-params(5) for more details.

       Any mark commands will affect all traffic matched.  They must be declared before the first
       router or interface.


              If you want to do policy based routing based on iptables(8) marks, you will need to
              disable the Root Path Filtering on the interfaces involved (rp_filter in sysctl).


               # mark with 1, packets sent by the local machine
               mark 1 OUTPUT

               # mark with 2, packets routed by the local machine
               mark 2 FORWARD

               # mark with 3, packets routed by the local machine, sent from
               #     destined for port TCP/25 of
               mark 3 FORWARD proto tcp dport 25 dst src


       · firehol(1) - FireHOL program

       · firehol.conf(5) - FireHOL configuration

       · firehol-params(5) - optional rule parameters

       · firehol-connmark(5) - set a stateful mark on a connection

       · iptables(8)  (  -  administration  tool for
         IPv4 firewalls

       · ip6tables(8) ( - administration  tool  for
         IPv6 firewalls

       · ip(8) - show / manipulate routing, devices, policy routing and tunnels

       · FireHOL Website (

       · FireHOL Online PDF Manual (

       · FireHOL Online HTML Manual (

       · Linux Advanced Routing & Traffic Control HOWTO (


       FireHOL Team.