--and-mark while matching?

--and-mark while matching?

[Aaron Lewis]

Hi,

Looks like the mark module doesn't support "and" matching mechanism,

iptables -I INPUT -m mark --and-mark 0x20 -j REJECT

I want to match the packet when the mark has all bit of 0x20 set,
possible? 

-- 
Best Regards,
Aaron Lewis - PGP: 0xDFE6C29E ( http://pgp.mit.edu/ )
Finger Print: 9482 448F C7C3 896C 1DFE 7DD3 2492 A7D0 DFE6 C29E

Re: --and-mark while matching?

[Ambroz Bizjak]

iptables -I INPUT -m mark --mark 0x20/0x20 -j REJECT

See the description of the mark match. If you specify "-m mark --mark
A/B", the mark is first and'ed with B and then the result is checked
for equality to A.

On Tue, Feb 12, 2013 at 10:47 AM, Aaron Lewis
<the.warl0ck.1989@gmail.com> wrote:
> Hi,
>
> Looks like the mark module doesn't support "and" matching mechanism,
>
> iptables -I INPUT -m mark --and-mark 0x20 -j REJECT
>
> I want to match the packet when the mark has all bit of 0x20 set,
> possible?
>
> --
> Best Regards,
> Aaron Lewis - PGP: 0xDFE6C29E ( http://pgp.mit.edu/ )
> Finger Print: 9482 448F C7C3 896C 1DFE 7DD3 2492 A7D0 DFE6 C29E
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html