Provided by: sanewall-doc_1.0.2+ds-2_all
NAME
sanewall-connmark - set a stateful mark on a connection
SYNOPSIS
connmark {value | save | restore} chain [rule-params]
DESCRIPTION
The connmark helper command sets a mark on a whole connection. It applies to both directions. Note To set a mark on packets matching particular rules, regardless of any connection, see mark config helper: sanewall-mark(5). The value is the mark value to set (a 32 bit integer). If you specify save then the mark on the matched packet will be turned into a connmark. If you specify restore then the matched packet will have its mark set to the current connmark. The chain will be used to find traffic to mark. It can be any of the iptables built in chains belonging to the mangle table. The chain names are: INPUT, FORWARD, OUTPUT, PREROUTING and POSTROUTING. The names are case-sensitive. The rule-params define a set of rule parameters to match the traffic that is to be marked within the chosen chain. See optional rule parameters: sanewall-rule-params(5) for more details. Any connmark commands will affect all traffic matched. They must be declared before the first router or interface.
EXAMPLES
Consider a scenario with 3 ethernet ports, where eth0 is on the local LAN, eth1 connects to ISP 'A' and eth2 to ISP 'B'. To ensure traffic leaves via the same ISP as it arrives from you can mark the traffic: # mark connections when they arrive from the ISPs connmark 1 PREROUTING inface eth1 connmark 2 PREROUTING inface eth2 # restore the mark (from the connmark) when packets arrive from the LAN connmark restore OUTPUT connmark restore PREROUTING inface eth0 It is then possible to use the commands from iproute2 such as ip, to pick the correct routing table based on the mark on the packets.
SEE ALSO
Sanewall program: sanewall(1) Sanewall configuration: sanewall.conf(5) mark config helper: sanewall-mark(5) administration tool for IPv4 firewalls: iptables(8) show / manipulate routing, devices, policy routing and tunnels: ip(8) Linux Advanced Routing & Traffic Control HOWTO[1]
AUTHOR
Sanewall Team
COPYRIGHT
Copyright © 2012, 2013 Phil Whineray <phil@sanewall.org>
NOTES
1. Linux Advanced Routing & Traffic Control HOWTO http://www.lartc.org/lartc.html