Provided by: sanewall-doc_1.0.2+ds-2_all 

NAME
sanewall-connmark - set a stateful mark on a connection
SYNOPSIS
connmark {value | save | restore} chain [rule-params]
DESCRIPTION
The connmark helper command sets a mark on a whole connection. It applies to both directions.
Note
To set a mark on packets matching particular rules, regardless of any connection, see mark config
helper: sanewall-mark(5).
The value is the mark value to set (a 32-bit integer). If you specify save then the mark on the matched
packet will be turned into a connmark. If you specify restore then the matched packet will have its mark
set to the current connmark.
The chain will be used to find traffic to mark. It can be any of the iptables built-in chains belonging
to the mangle table. The chain names are: INPUT, FORWARD, OUTPUT, PREROUTING and POSTROUTING. The names
are case-sensitive.
The rule-params define a set of rule parameters to match the traffic that is to be marked within the
chosen chain. See optional rule parameters: sanewall-rule-params(5) for more details.
Any connmark commands will affect all traffic matched. They must be declared before the first router or
interface.
EXAMPLES
Consider a scenario with 3 ethernet ports, where eth0 is on the local LAN, eth1 connects to ISP 'A' and
eth2 to ISP 'B'. To ensure traffic leaves via the same ISP as it arrives from, you can mark the traffic:
# mark connections when they arrive from the ISPs
connmark 1 PREROUTING inface eth1
connmark 2 PREROUTING inface eth2
# restore the mark (from the connmark) when packets arrive from the LAN
connmark restore OUTPUT
connmark restore PREROUTING inface eth0
It is then possible to use commands from iproute2, such as ip, to pick the correct routing table based
on the mark on the packets.
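The routing side of the scenario above, as an added example that is not part of the Sanewall documentation. The gateway addresses (192.0.2.1, 198.51.100.1), the routing table numbers (101, 102) and the function names are assumptions; the marks and interfaces are the ones used in the connmark lines.

```shell
#!/bin/sh
# Added example: policy routing keyed on the marks restored by connmark.
# Assumed values (not from the man page): gateways 192.0.2.1 and
# 198.51.100.1, routing table numbers 101 and 102.

# By default the ip commands are only printed. Run with RUN= (empty)
# as root to execute them instead.
RUN="${RUN-echo}"

# isp_route MARK DEV GATEWAY TABLE
# Gives TABLE a default route via GATEWAY on DEV, then adds a rule that
# sends packets carrying firewall mark MARK to TABLE.
isp_route() {
    mark=$1 dev=$2 gw=$3 table=$4
    case $mark in
        ''|*[!0-9]*)
            echo "isp_route: mark must be a decimal integer" >&2
            return 1 ;;
    esac
    # 0 is what unmarked packets carry, so it cannot identify an ISP;
    # the upper bound is the 32-bit limit of the mark field.
    if [ "$mark" -le 0 ] || [ "$mark" -gt 4294967295 ]; then
        echo "isp_route: mark must be between 1 and 4294967295" >&2
        return 1
    fi
    $RUN ip route replace default via "$gw" dev "$dev" table "$table"
    $RUN ip rule add fwmark "$mark" table "$table"
}

# Mark 1 was set on connections arriving on eth1 (ISP 'A'),
# mark 2 on connections arriving on eth2 (ISP 'B').
setup_policy_routing() {
    isp_route 1 eth1 192.0.2.1 101 &&
    isp_route 2 eth2 198.51.100.1 102
}

setup_policy_routing
```

After applying the commands, ip rule show and ip route show table 101 confirm what was installed.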
SEE ALSO
Sanewall program: sanewall(1)
Sanewall configuration: sanewall.conf(5)
mark config helper: sanewall-mark(5)
administration tool for IPv4 firewalls: iptables(8)
show / manipulate routing, devices, policy routing and tunnels: ip(8)
Linux Advanced Routing & Traffic Control HOWTO[1]
AUTHOR
Sanewall Team
COPYRIGHT
Copyright © 2012, 2013 Phil Whineray <phil@sanewall.org>
NOTES
1. Linux Advanced Routing & Traffic Control HOWTO
http://www.lartc.org/lartc.html
Sanewall 1.0.2 Built 01 Jun 2013 CONNMARK CONFIG HELP(5)