Description of problem:
Example of creating fwmarks for multiport service could benefit from the use of multiport iptables rule
Version-Release number of selected component (if applicable):
In section 3.4.1. Assigning Firewall Marks there is an example of creating firewall marks for use in a multiport service:
/sbin/iptables -t mangle -A PREROUTING -p tcp -d n.n.n.n/32 --dport 80 -j MARK --set-mark 80
/sbin/iptables -t mangle-A PREROUTING -p tcp -d n.n.n.n/32 --dport 443 -j MARK --set-mark 80
The goal of this example is to mark packets with the same firewall mark, but it is being done in multiple commands, which gives a greater possibility of error or inconsistency. I recommend making use of the multiport directive so that the same firewall mark is made to all relevant ports at the same time in the same command. I would change this example to:
/sbin/iptables -t mangle -A PREROUTING -p tcp -d n.n.n.n/32 -m multiport --dports 80,443 -j MARK --set-mark 80
Also, in the second example in the current documentation, there should be a space between the trailing 'e' in 'mangle' and the '-' used to append this rule to the PREROUTING chain.
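An added example, not part of this bug report or of the RHEL documentation it quotes: a small POSIX shell helper that builds the single multiport MARK rule proposed above, after checking the inputs that would otherwise make one rule silently differ from the next (non-numeric ports, an empty port list, more ports than one `-m multiport` rule can carry). The function names `fwmark_rule` and `fwmark_apply`, the `DRY_RUN` variable and the VIP 192.0.2.10 (standing in for n.n.n.n) are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example; not the bug reporter's or Red Hat's code.
# Builds the one-rule form of the firewall-mark example: every port of the
# multiport service receives the same mark from a single iptables command.

# fwmark_rule VIP MARK PORT[,PORT...]
# Prints the iptables command on stdout; exits non-zero on invalid input.
# Runs in a subshell so IFS and the working variables stay local.
fwmark_rule() (
    vip=$1 mark=$2 ports=$3
    # Decimal marks only (the documentation example uses 80); hex marks
    # such as 0x50 are valid for iptables but deliberately not accepted here.
    case $mark in
        ''|*[!0-9]*) echo "fwmark_rule: mark must be a decimal integer" >&2; exit 1 ;;
    esac
    n=0
    IFS=,
    for p in $ports; do
        case $p in
            ''|*[!0-9]*) echo "fwmark_rule: bad port '$p' in '$ports'" >&2; exit 1 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "fwmark_rule: port $p out of range" >&2; exit 1; }
        n=$((n + 1))
    done
    # xt_multiport takes at most 15 ports per rule; a service with more ports
    # needs a second rule carrying the same --set-mark value.
    [ "$n" -ge 1 ] && [ "$n" -le 15 ] || { echo "fwmark_rule: need 1..15 ports, got $n" >&2; exit 1; }
    printf '/sbin/iptables -t mangle -A PREROUTING -p tcp -d %s/32 -m multiport --dports %s -j MARK --set-mark %s\n' \
        "$vip" "$ports" "$mark"
)

# fwmark_apply VIP MARK PORTS
# Prints the rule and, unless DRY_RUN is set, installs it (needs root and
# the iptables binary). The command is issued with explicit arguments rather
# than eval'd from the printed string, so an unvalidated VIP argument cannot
# smuggle shell syntax into the command line.
fwmark_apply() {
    rule=$(fwmark_rule "$@") || return 1
    printf '%s\n' "$rule"
    [ -n "$DRY_RUN" ] || /sbin/iptables -t mangle -A PREROUTING -p tcp \
        -d "$1/32" -m multiport --dports "$3" -j MARK --set-mark "$2"
}

# Stand-alone demonstration (dry run): HTTP and HTTPS on the VIP share mark 80.
DRY_RUN=1 fwmark_apply 192.0.2.10 80 80,443
```

After the rule is installed, `iptables -t mangle -L PREROUTING -n` shows a single line covering both ports, which is easier to audit than two lines whose `--set-mark` values must be compared by eye; the mark is then the value the LVS virtual service is defined on (`ipvsadm -A -f 80 ...`).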
This request was evaluated by Red Hat Product Management for inclusion in the current release of Red Hat Enterprise Linux. Because the affected component is not scheduled to be updated in the current release, Red Hat is unfortunately unable to address this request at this time. Red Hat invites you to ask your support representative to propose this request, if appropriate and relevant, in the next release of Red Hat Enterprise Linux.
This bug/component is not included in scope for RHEL-5.11.0 which is the last RHEL5 minor release. This Bugzilla will soon be CLOSED as WONTFIX (at the end of RHEL5.11 development phase (Apr 22, 2014)). Please contact your account manager or support representative in case you need to escalate this bug.
Thank you for submitting this request for inclusion in Red Hat Enterprise Linux 5. We've carefully evaluated the request, but are unable to include it in RHEL5 stream. If the issue is critical for your business, please provide additional business justification through the appropriate support channels (https://access.redhat.com/site/support).