filter on output table for packets already marked in the prerouting table

author: slioch <slioch@eng-140.vyatta.com> 2009-06-17 12:53:38 -0700
committer: slioch <slioch@eng-140.vyatta.com> 2009-06-17 12:55:44 -0700
commit: d2f0545a4496c73b8beaa8416ddcc1c9bfa2ed69 (patch)
tree: 2978a11409fc540b9b8cc49734effb0869a84358
parent: 7d8d803b20381f5780f06599fd7f7edd6795fda2 (diff)
download: vyatta-wanloadbalance-d2f0545a4496c73b8beaa8416ddcc1c9bfa2ed69.tar.gz
vyatta-wanloadbalance-d2f0545a4496c73b8beaa8416ddcc1c9bfa2ed69.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/src/lbdecision.cc b/src/lbdecision.cc
index 7b76f7b..fcc19d0 100644
--- a/src/lbdecision.cc
+++ b/src/lbdecision.cc
@@ -236,6 +236,7 @@ LBDecision::run(LBData &lb_data)
   //then if we do, flush all
   execute("iptables -t mangle -F PREROUTING", stdout);
   execute("iptables -t mangle -F OUTPUT", stdout);
+  execute("iptables -t mangle -A OUTPUT -m connmark ! --mark 0 -j ACCEPT", stdout); //avoid packets set in prerouting table
 
   //new request, bug 4112. flush conntrack tables if configured
   if (lb_data._flush_conntrack == true) {
author	slioch <slioch@eng-140.vyatta.com>	2009-06-17 12:53:38 -0700
committer	slioch <slioch@eng-140.vyatta.com>	2009-06-17 12:55:44 -0700
commit	d2f0545a4496c73b8beaa8416ddcc1c9bfa2ed69 (patch)
tree	2978a11409fc540b9b8cc49734effb0869a84358
parent	7d8d803b20381f5780f06599fd7f7edd6795fda2 (diff)
download	vyatta-wanloadbalance-d2f0545a4496c73b8beaa8416ddcc1c9bfa2ed69.tar.gz vyatta-wanloadbalance-d2f0545a4496c73b8beaa8416ddcc1c9bfa2ed69.zip