you change policy
iptables -t mangle -A OUTPUT -p tcp --sport 80 -j MARK --set-mark 0x11
outbound >   (1) (2) (3)
a.a.a.a --- LAN [Zeroshell (b.b.b.b)] WAN --- Internet
inbound <    (5) (4)
(1) a.a.a.a -> http://www.google.com:80
(2) a.a.a.a -> b.b.b.b:8080
(3) b.b.b.b -> google:80
    Can use -m layer7 --l7proto (contains http://)
(4) google:80 -> b.b.b.b
(5) google:80 -> a.a.a.a (Zeroshell changes IP to google:80)
Outbound and inbound are different sessions.
Inbound cannot use -m layer7; must use -p tcp --sport 80.
WAN output can use -m layer7 (contains http://).
LAN output cannot use -m layer7 (does not contain http://); must use -p tcp --sport 80.