version 1.1.1.1, 2013/07/29 19:37:40
|
version 1.1.1.2, 2021/03/17 00:56:46
|
Line 13 connection comes out of the other side. However, some
|
Line 13 connection comes out of the other side. However, some
|
maintain that relationship through the proxy and continue the connection |
maintain that relationship through the proxy and continue the connection |
mark on packets upstream of our proxy |
mark on packets upstream of our proxy |
|
|
DNSMasq includes such a feature enabled by the --conntrack | Dnsmasq includes such a feature enabled by the --conntrack |
option. This allows, for example, using iptables to mark traffic from |
option. This allows, for example, using iptables to mark traffic from |
a particular IP, and that mark to be persisted to requests made *by* |
a particular IP, and that mark to be persisted to requests made *by* |
DNSMasq. Such a feature could be useful for bandwidth accounting, | Dnsmasq. Such a feature could be useful for bandwidth accounting, |
captive portals and the like. Note a similar feature has been |
captive portals and the like. Note a similar feature has been |
implemented in Squid 2.2 |
implemented in Squid 2.2 |
|
|
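Review bot: the clause "and that mark to be persisted to requests made *by* Dnsmasq" in the second changed sentence has nothing governing it, so "This allows ... using iptables to mark traffic ..., and that mark to be persisted" does not parse. Since the rename already touches this line, suggest rewording to "and for that mark to be carried over to requests made *by* Dnsmasq". The rename itself is applied consistently to both occurrences visible in this region.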
Line 40 on IP address. 3) Saves the firewall mark back to the
|
Line 40 on IP address. 3) Saves the firewall mark back to the
|
(which will persist it across related packets) |
(which will persist it across related packets) |
|
|
4) is applied to the OUTPUT table, which is where we first see packets |
4) is applied to the OUTPUT table, which is where we first see packets |
generated locally. DNSMasq will have already copied the firewall mark | generated locally. Dnsmasq will have already copied the firewall mark |
from the request, across to the new packet, and so all that remains is |
from the request, across to the new packet, and so all that remains is |
for iptables to copy it to the connection mark so it's persisted across |
for iptables to copy it to the connection mark so it's persisted across |
packets. |
packets. |
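Review bot: the context line "4) is applied to the OUTPUT table" uses the wrong iptables term. OUTPUT is a chain, while tables are the containers such as filter, nat and mangle. As this paragraph is being edited for the Dnsmasq spelling anyway, suggest changing it to "4) is applied to the OUTPUT chain", so that a reader turning the description into rules does not go looking for a table of that name.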