I've set up some mangle rules, but they're not working as expected.
I can't see a problem there, can any of you?

/ ip firewall mangle
add chain=prerouting dst-address=202.168.47.17 protocol=udp dst-port=5060-5080 \
action=mark-connection new-connection-mark=voip-con passthrough=yes \
comment="" disabled=no
add chain=prerouting dst-address=202.168.47.17 protocol=udp \
dst-port=19000-20000 action=mark-connection new-connection-mark=voip-con \
passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=voip-con action=mark-packet \
new-packet-mark=voip passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=22-23 action=mark-connection \
new-connection-mark=sshtelnet-con passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=sshtelnet-con action=mark-packet \
new-packet-mark=sshtelnet passthrough=no comment="" disabled=no
add chain=prerouting p2p=all-p2p action=mark-connection \
new-connection-mark=p2p-con passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=p2p-con action=mark-packet \
new-packet-mark=p2p passthrough=no comment="" disabled=no
add chain=prerouting action=mark-connection new-connection-mark=everything-con \
passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=everything-con action=mark-packet \
new-packet-mark=everything passthrough=yes comment="" disabled=no

As you can see, the 3rd chain is clearly not the sum of the first two. It appears to be catching everything.

Flags: X - disabled, I - invalid, D - dynamic
# CHAIN ACTION BYTES PACKETS
0 prerouting mark-connection 37995 51
1 prerouting mark-connection 0 0
2 prerouting mark-packet 5296244 22309
3 prerouting mark-connection 0 0
4 prerouting mark-packet 0 0
5 prerouting mark-connection 0 0
6 prerouting mark-packet 0 0
7 prerouting mark-connection 0 0
8 prerouting mark-packet 0 0