Actually, I think I got bitten (again) by conntrack because I tested it again today, and saw that I had to wait for the conntrack entries to time out in order to get the desired results. As long as I had ESTABLISHED connections with this peer (shorewall show connections | grep 107.154.118.114) I would get unexpected results (my mangle mark actions would not be honored).
Thanks again, Vieri _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
