The MARK target is used to set Netfilter
mark values that are associated with specific packets. This target is only
valid in the mangle table, and will not work outside
it. The MARK values may be used in conjunction with the
advanced routing capabilities in Linux to send different packets through
different routes and to tell them to use different queue disciplines (qdisc),
etc. For more information on advanced routing, check out the Linux Advanced Routing
and Traffic Control HOW-TO. Note that the mark value is
not set within the actual packet, but is a value that the kernel keeps associated
with the packet for as long as it is handled on this host. In other words, you cannot set a
MARK for a packet and then expect the
MARK still to be there on another host. If this is what you
want, you will be better off with the TOS target, which
mangles the TOS value in the IP header and therefore travels with the packet.
Table 11-6. MARK target options

Option | --set-mark
Example | iptables -t mangle -A PREROUTING -p tcp --dport 22 -j MARK --set-mark 2
Explanation | The --set-mark option is required to set a mark. The --set-mark option takes an integer value. For example, we may set mark 2 on a specific stream of packets, or on all packets from a specific host, and then do advanced routing on that host to decrease or increase the network bandwidth, etc.

Works under Linux kernel 2.3, 2.4, 2.5 and 2.6.
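The following script is an added example, not part of the original tutorial. It shows the two halves that make a MARK useful on the local host: the mangle-table rule from Table 11-6 that sets mark 2 on inbound SSH packets, and the ip rule / ip route commands (from the iproute2 suite referenced in the Advanced Routing HOW-TO) that steer packets carrying that mark through a separate routing table. The routing table number (100), the interface name (eth1) and the gateway address (192.0.2.1, from the TEST-NET-1 documentation range) are assumptions chosen for the example. By default the script only prints the commands; run it with DRY_RUN=0 as root to apply them.

```shell
#!/bin/sh
# Added example: mark inbound SSH packets in the mangle table and route
# them via a dedicated routing table. The mark lives only in this kernel's
# skb metadata, so the ip rule that consumes it must be on the same host.

MARK=2              # mark value from the tutorial's example
TABLE=100           # assumed routing table id
GW=192.0.2.1        # constructed gateway address (TEST-NET-1)
DEV=eth1            # assumed outbound interface

# valid_mark: the mark is an unsigned 32-bit integer; reject anything else
# before it is interpolated into a command line.
valid_mark() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -le 4294967295 ]
}

# mark_rule: emit the iptables command that sets the mark on packets
# arriving for the given TCP destination port.
mark_rule() {
  printf 'iptables -t mangle -A PREROUTING -p tcp --dport %s -j MARK --set-mark %s\n' \
    "$1" "$MARK"
}

# route_rules: emit the policy-routing commands that act on the mark.
route_rules() {
  printf 'ip rule add fwmark %s table %s\n' "$MARK" "$TABLE"
  printf 'ip route add default via %s dev %s table %s\n' "$GW" "$DEV" "$TABLE"
}

# verify_cmds: emit commands to confirm the rule is hit (packet counters)
# and that the policy rule is installed.
verify_cmds() {
  printf 'iptables -t mangle -L PREROUTING -v -n\n'
  printf 'ip rule show\n'
}

# run: print the command set (DRY_RUN=1, the default) or execute it.
run() {
  valid_mark "$MARK" || { echo "invalid mark: $MARK" >&2; return 1; }
  if [ "${DRY_RUN:-1}" = 1 ]; then
    mark_rule 22
    route_rules
    verify_cmds
  else
    { mark_rule 22; route_rules; verify_cmds; } | sh
  fi
}

run
```

Because the mark is not carried in the IP header, the ip rule lookup only works on the host that set it; for a mark that must be honoured by the next hop, the TOS target mentioned above is the tool to use instead.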