trusty (5) sanewall-mark.5.gz

Provided by: sanewall-doc_1.0.2+ds-2_all bug

NAME
       sanewall-mark - mark traffic for traffic shaping tools


SYNOPSIS
       mark value chain [rule-params]


DESCRIPTION
       The mark helper command sets a mark on packets that can be matched by traffic shaping tools for
       controlling the traffic.

           Note
           To set a mark on whole connections, see connmark config helper: sanewall-connmark(5). There is also a
           mark parameter which allows matching marks within individual rules (see optional rule parameters:
           sanewall-rule-params(5)).

       The value is the mark value to set (a 32 bit integer).

       The chain will be used to find traffic to mark. It can be any of the iptables built in chains belonging
       to the mangle table. The chain names are: INPUT, FORWARD, OUTPUT, PREROUTING and POSTROUTING. The names
       are case-sensitive.

       The rule-params define a set of rule parameters to match the traffic that is to be marked within the
       chosen chain. See optional rule parameters: sanewall-rule-params(5) for more details.

       Any mark commands will affect all traffic matched. They must be declared before the first router or
       interface.

           Note
           If you want to do policy based routing based on iptables marks, you will need to disable the Root
           Path Filtering on the interfaces involved (rp_filter in sysctl).


EXAMPLES
           # mark with 1, packets sent by the local machine
           mark 1 OUTPUT

           # mark with 2, packets routed by the local machine
           mark 2 FORWARD

           # mark with 3, packets routed by the local machine, sent from
           #              192.0.2.2 destined for port TCP/25 of 198.51.100.1
           mark 3 FORWARD proto tcp dport 25 dst 198.51.100.1 src 192.0.2.2


SEE ALSO
           Sanewall program: sanewall(1)
           Sanewall configuration: sanewall.conf(5)
           connmark config helper: sanewall-connmark(5)
           administration tool for IPv4 firewalls: iptables(8)
           show / manipulate routing, devices, policy routing and tunnels: ip(8)
           Linux Advanced Routing & Traffic Control HOWTO[1]
           optional rule parameters: sanewall-rule-params(5)


AUTHOR
       Sanewall Team


       Copyright © 2012, 2013 Phil Whineray <phil@sanewall.org>


NOTES
        1. Linux Advanced Routing & Traffic Control HOWTO
           http://www.lartc.org/lartc.html