Provided by: firehol-doc_2.0.3+ds-1_all bug

NAME
       firehol-connmark - set a stateful mark on a connection


SYNOPSIS
       connmark { value | save | restore } chain rule-params


DESCRIPTION
       The connmark helper command sets a mark on a whole connection.  It applies to both directions.

              Note

              To  set  a  mark  on  packets  matching  particular  rules,  regardless  of  any  connection,  see
              firehol-mark(5).

       The value is the mark value to set (a 32 bit integer).  If you specify save then the mark on the  matched
       packet will be turned into a connmark.  If you specify restore then the matched packet will have its mark
       set to the current connmark.

       The  chain  will  be  used  to  find  traffic  to mark.  It can be any of the iptables(8) built in chains
       belonging to the mangle table.  The chain names are: INPUT, FORWARD, OUTPUT, PREROUTING and  POSTROUTING.
       The names are case-sensitive.

       The  rule-params  define  a  set  of rule parameters to match the traffic that is to be marked within the
       chosen chain.  See firehol-params(5) for more details.

       Any connmark commands will affect all traffic matched.  They must be declared before the first router  or
       interface.


EXAMPLES
       Consider  a  scenario with 3 ethernet ports, where eth0 is on the local LAN, eth1 connects to ISP 'A' and
       eth2 to ISP 'B'.  To ensure traffic leaves via the same ISP as it arrives from you can mark the traffic.

               # mark connections when they arrive from the ISPs
               connmark 1 PREROUTING inface eth1
               connmark 2 PREROUTING inface eth2

               # restore the mark (from the connmark) when packets arrive from the LAN
               connmark restore OUTPUT
               connmark restore PREROUTING inface eth0

       It is then possible to use the commands from iproute2 such as ip(8), to pick the  correct  routing  table
       based on the mark on the packets.


SEE ALSO
firehol(1) - FireHOL program

       • firehol.conf(5) - FireHOL configuration

       • firehol-params(5) - optional rule parameters

       • firehol-mark(5) - mark traffic for traffic shaping tools

       • iptables(8) (http://ipset.netfilter.org/iptables.man.html) - administration tool for IPv4 firewalls

       • ip6tables(8) (http://ipset.netfilter.org/ip6tables.man.html) - administration tool for IPv6 firewalls

       • ip(8) - show / manipulate routing, devices, policy routing and tunnels

       • FireHOL Website (http://firehol.org/)

       • FireHOL Online PDF Manual (http://firehol.org/firehol-manual.pdf)

       • FireHOL Online HTML Manual (http://firehol.org/manual)

       • Linux Advanced Routing & Traffic Control HOWTO (http://lartc.org/howto/)


AUTHORS
       FireHOL Team.

FireHOL Reference                               Built 06 May 2015                            firehol-connmark(5)