Is there any way to view nfmark like ctmark?
I understand that `iptables --set-mark` does not add the mark "on" the packets. The `MARK` target is for associating a mark with the packet in the kernel data structures. The packet itself is not modified. But is there any way to view the packet with its associated mark?

We can see ctmark (connection marks which are set using the `CONNMARK` target) from `/proc/net/nf_conntrack`. I am looking for something similar for viewing nfmark (packet marks).

This is how we can view ctmark.

```
iptables -I OUTPUT 1 -t mangle -j CONNMARK --restore-mark
iptables -I OUTPUT 2 -t mangle -m conntrack --ctorigdst 172.30.138.151 -m mark --mark 0 -j MARK --set-mark 2
iptables -A POSTROUTING -t mangle -j CONNMARK --save-mark
```

Then we can see the connection mark (`mark=2`) in the `/proc/net/nf_conntrack` file.

```
ipv4 2 icmp 1 18 src=157.43.150.253 dst=172.30.138.151 type=8 code=0 id=54809 packets=4 bytes=336 src=172.30.138.151 dst=157.43.150.253 type=0 code=0 id=54809 packets=4 bytes=336 mark=2 zone=0 use=2
```

Another question about the `/proc/net/nf_conntrack` output. What is the meaning of the field `use`? I have seen `use=1`, `use=2` etc. This website says it is "Use count of this connection structure".

Tags: iptables, netfilter, ip-conntrack
asked Feb 10 at 16:05 by Sourav Ghosh
edited Feb 10 at 16:11 by Rui F Ribeiro
Comments:

- iptables' LOG target will write the packet's mark at the end of the log line if it's non zero. – A.B, 2 days ago
- @A.B Yes, you are right. Now, I can see the nfmarks. `kern.debug kernel: [11007.886926] IPTables-Marks: IN=wlan0 OUT= MAC=e4:xx:xx:xx:97:32:28:xx:xx:xx:fb:60:08:00 SRC=192.168.8.10 DST=192.168.8.1 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=23698 DF PROTO=TCP SPT=36764 DPT=22 WINDOW=254 RES=0x00 ACK URGP=0 MARK=0x2` Thank you. You can add your comment as a detailed answer, if you want. – Sourav Ghosh, 22 hours ago
- turned it into a proper answer – A.B, 13 hours ago
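The `/proc/net/nf_conntrack` line quoted in the question is easy to read for one entry but not for a busy table. The script below is an added example, not code from the question or the answer: it picks out the entries whose connection mark is non-zero (the ones a `CONNMARK --save-mark` rule actually wrote to) and reports the `use` field next to them, and it also tallies how many entries carry each mark value, which is a quick way to confirm a `CONNMARK` rule is matching anything at all. The `use` value is the kernel's reference count on the conntrack structure, as the quoted description says; it is not a packet or connection count. The sample entries are constructed to match the file format; the `--live` mode reads the real file and needs root.

```shell
#!/bin/sh
# Added example, not from the original question: list conntrack entries
# that carry a non-zero connection mark, together with their "use" refcount.
# Reads the /proc/net/nf_conntrack text format on stdin, so it works on a
# saved copy as well as on the live file (reading the live file needs root).
# Output per entry: PROTO ORIG_SRC ORIG_DST mark=N use=N

ct_marked() {
    awk '
    NF >= 5 {
        # $1=l3proto $2=l3num $3=l4proto $4=l4num $5=timeout, then key=value
        # tokens, possibly interleaved with state words (ESTABLISHED, [ASSURED])
        proto = $3; src = ""; dst = ""; mark = 0; use = ""
        for (i = 6; i <= NF; i++) {
            n = index($i, "=")
            if (n == 0) continue
            k = substr($i, 1, n - 1); v = substr($i, n + 1)
            if (k == "src" && src == "") src = v       # first src= is original direction
            else if (k == "dst" && dst == "") dst = v  # reply src=/dst= come later
            else if (k == "mark") mark = v
            else if (k == "use") use = v
        }
        if (mark + 0 != 0) print proto, src, dst, "mark=" mark, "use=" use
    }'
}

# Count entries per mark value: "mark=N COUNT", one line per value.
ct_mark_histogram() {
    awk '
    {
        mark = 0
        for (i = 6; i <= NF; i++)
            if (substr($i, 1, 5) == "mark=") mark = substr($i, 6)
        count[mark]++
    }
    END { for (m in count) print "mark=" m, count[m] }' | sort
}

# Constructed sample in /proc/net/nf_conntrack format: the ICMP entry from
# the question plus two TCP entries, one marked and one not.
SAMPLE_CT='ipv4     2 icmp     1 18 src=157.43.150.253 dst=172.30.138.151 type=8 code=0 id=54809 packets=4 bytes=336 src=172.30.138.151 dst=157.43.150.253 type=0 code=0 id=54809 packets=4 bytes=336 mark=2 zone=0 use=2
ipv4     2 tcp      6 431999 ESTABLISHED src=10.0.0.5 dst=172.30.138.151 sport=40000 dport=443 packets=10 bytes=1200 src=172.30.138.151 dst=10.0.0.5 sport=443 dport=40000 packets=8 bytes=9000 [ASSURED] mark=2 zone=0 use=1
ipv4     2 tcp      6 119 TIME_WAIT src=10.0.0.5 dst=10.0.0.9 sport=51000 dport=80 packets=6 bytes=500 src=10.0.0.9 dst=10.0.0.5 sport=80 dport=51000 packets=4 bytes=700 [ASSURED] mark=0 zone=0 use=1'

# Usage: sh ctmarks.sh --demo | --hist | --live
case "${1:-}" in
    --demo) printf '%s\n' "$SAMPLE_CT" | ct_marked ;;
    --hist) printf '%s\n' "$SAMPLE_CT" | ct_mark_histogram ;;
    --live) ct_marked < /proc/net/nf_conntrack ;;   # needs root
esac
```

Running it with `--demo` prints the ICMP entry and the marked TCP entry only; the `TIME_WAIT` entry with `mark=0` is skipped. Note that the restore/set/save rules in the question only run in `OUTPUT` and `POSTROUTING`, so connections whose first packet arrives inbound only get a mark once a reply leaves the host.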
1 Answer
The question is about the fwmark or just mark (historically named nfmark but renamed to just mark at the same time it didn't depend anymore on netfilter. The word nfmark is now a bit misleading, but still present in a few places which weren't or couldn't be updated). This mark is done on the packet's skbuff, while the conntrack mark (aka ctmark etc.) is done on a conntrack entry.

The easiest way to get a packet's mark is to log it via iptables' `LOG` target. Something like this (with a limit to avoid flood):

```
iptables -A INPUT -m mark ! --mark 0 -m limit --limit 8/min --limit-burst 12 -j LOG --log-prefix "IPTables-Marks: "
```

should log packets with a mark. The mark (when non-zero, which is the case with the match chosen above) is displayed at the end of the log line. (From OP's comment) example:

```
kern.debug kernel: [11007.886926] IPTables-Marks: IN=wlan0 OUT= MAC=e4:xx:xx:xx:97:32:28:xx:xx:xx:fb:60:08:00 SRC=192.168.8.10 DST=192.168.8.1 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=23698 DF PROTO=TCP SPT=36764 DPT=22 WINDOW=254 RES=0x00 ACK URGP=0 MARK=0x2
```

There are other methods, better suited for automatization but harder to implement, like iptables' `NFLOG` target intended to "send" the whole packet to a logging program listening on a netlink socket, which could retrieve the mark with `nflog_get_nfmark()` (old naming...). `tcpdump` can listen to the nflog facility (try `tcpdump --list-interfaces`) and display selected packets, which can sometimes be handier than logs to debug, but I don't know of a way to have it also display the mark (it doesn't know about `nflog_get_nfmark()` or how to ask libpcap about it).
answered 13 hours ago by A.B
edited 13 hours ago
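The `LOG`-based method from the answer, as an added example that is not part of A.B's answer: a script that installs a mark-setting rule plus the rate-limited `LOG` rule, offers the `NFLOG` alternative the answer mentions, and parses the resulting kernel log lines so the mark can be read next to the flow's addresses and ports. Rule placement is the point to get right: the `MARK` target runs in mangle `PREROUTING`, which precedes filter `INPUT`, so the `LOG` rule in `INPUT` sees the mark. Mark value 2, port 22, NFLOG group 5 and the log prefix are assumptions chosen to match the log line quoted in the answer; the sample log lines are constructed. The iptables rules need root; the parser runs anywhere.

```shell
#!/bin/sh
# Added example, not part of the original answer: the LOG-based approach
# as a script, plus a parser for the kernel log lines it produces.
# Assumptions (not from the page): mark value 2, TCP port 22, NFLOG group 5.

# Set the packet mark in mangle PREROUTING, which runs before filter INPUT,
# so the LOG rule below sees it (skb->mark persists across hooks).
install_mark_logging() {
    iptables -t mangle -A PREROUTING -p tcp --dport 22 -j MARK --set-mark 2
    # Log marked packets only, rate-limited: LOG is for debugging, not accounting.
    iptables -A INPUT -m mark ! --mark 0 -m limit --limit 8/min --limit-burst 12 \
        -j LOG --log-prefix "IPTables-Marks: "
}

# The NFLOG alternative: hand marked packets to netlink group 5, which a
# libnetfilter_log program (nflog_get_nfmark) or tcpdump can read. tcpdump
# shows the packet but, as the answer says, not the mark.
install_nflog_capture() {
    iptables -A INPUT -m mark ! --mark 0 -j NFLOG --nflog-group 5
    echo "now run: tcpdump -ni nflog:5"
}

# Parse kernel LOG lines carrying our prefix.
# MARK= is printed only when the mark is non-zero, so a missing field is
# reported as 0x0; ports absent for non-TCP/UDP are reported as "-".
# Output per line: SRC DST PROTO SPT DPT MARK
log_marks() {
    awk '
    /IPTables-Marks:/ {
        src = dst = proto = ""; spt = dpt = "-"; mark = "0x0"
        for (i = 1; i <= NF; i++) {
            n = index($i, "=")
            if (n == 0) continue          # timestamp, "kernel:", flags like DF/ACK
            k = substr($i, 1, n - 1); v = substr($i, n + 1)
            if (k == "SRC") src = v
            else if (k == "DST") dst = v
            else if (k == "PROTO") proto = v
            else if (k == "SPT") spt = v
            else if (k == "DPT") dpt = v
            else if (k == "MARK") mark = v
        }
        print src, dst, proto, spt, dpt, mark
    }'
}

# Constructed sample: the line quoted in the answer, plus a line without
# MARK= (what a LOG rule without the mark match prints for an unmarked packet).
SAMPLE_LOG='kern.debug kernel: [11007.886926] IPTables-Marks: IN=wlan0 OUT= MAC=e4:xx:xx:xx:97:32:28:xx:xx:xx:fb:60:08:00 SRC=192.168.8.10 DST=192.168.8.1 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=23698 DF PROTO=TCP SPT=36764 DPT=22 WINDOW=254 RES=0x00 ACK URGP=0 MARK=0x2
kern.warning kernel: [11008.000000] IPTables-Marks: IN=wlan0 OUT= MAC=e4:xx:xx:xx:97:32:28:xx:xx:xx:fb:60:08:00 SRC=192.168.8.10 DST=192.168.8.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1'

# Usage: sh nfmarks.sh --install | --nflog | --demo | --live
case "${1:-}" in
    --install) install_mark_logging ;;               # needs root
    --nflog)   install_nflog_capture ;;              # needs root
    --demo)    printf '%s\n' "$SAMPLE_LOG" | log_marks ;;
    --live)    journalctl -k -o cat | log_marks ;;   # or: dmesg | log_marks
esac
```

With `--demo` the first line yields `192.168.8.10 192.168.8.1 TCP 36764 22 0x2` and the second `192.168.8.10 192.168.8.1 ICMP - - 0x0`. Because `MARK=` appears only for a non-zero mark, a line without it means the mark was zero at that hook, which is exactly what the `-m mark ! --mark 0` match in the rule filters out. The `limit` match suppresses logging of excess packets, so counts derived from these lines are not reliable; keep `LOG` for debugging and use conntrack counters for accounting.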