I'm trying to do some policy routing. I have two providers and I want to route certain services over the non-default provider. This means I need to mark packets.
I've got a TagService created and a rule that has the tag option populated by this TagService. This is apparently how 5.0 handles MARK now.
However, fwbuilder compiles iptables rules that are placed in the INPUT/OUTPUT chains and not the PREROUTING chain. For policy routing under iptables, the MARK actions should be handled by the PREROUTING chain of the mangle table. I would think this is especially necessary for routed packets, as the documentation indicates that in the mangle table forwarded packets are processed by the PREROUTE/FORWARD/POSTROUTE chains and not by INPUT/OUTPUT at all.
How do I get fwbuilder to select the PREROUTING chain to place the MARK rule?
As a second question: why is it ONLY marking the SYN packet even though I have stateless checked?
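
Added example (not part of the original post, and not fwbuilder output): a hand-written sketch of the mangle/PREROUTING marking and fwmark routing the question describes, printed as a dry run for review. The interface names, gateway address, mark value, table number and ports are constructed assumptions.

```shell
#!/bin/sh
# Added example, not fwbuilder output. All values below are constructed.
LAN_IF=eth0          # interface the routed clients arrive on (assumed)
ALT_DEV=eth1         # interface toward the non-default provider (assumed)
ALT_GW=198.51.100.1  # that provider's gateway (documentation address)
MARK=0x2             # firewall mark for the selected services
TABLE=200            # routing table holding the alternate default route

# Print an iptables-restore fragment that marks forwarded packets in
# mangle/PREROUTING, i.e. before the routing decision is made.
# Usage: mangle_rules <tcp-port>...
mangle_rules() {
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
        esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
            echo "bad port: $port" >&2; return 1; }
    done
    echo '*mangle'
    for port in "$@"; do
        # No state match, so every packet of the flow is marked, not only
        # the SYN. Matching on -i keeps replies from the provider unmarked.
        echo "-A PREROUTING -i $LAN_IF -p tcp --dport $port -j MARK --set-mark $MARK"
    done
    echo 'COMMIT'
}

# Print the iproute2 commands that send marked packets to the other provider.
routing_cmds() {
    echo "ip route add default via $ALT_GW dev $ALT_DEV table $TABLE"
    echo "ip rule add fwmark $MARK lookup $TABLE"
}

# Dry run: show what would be loaded. To apply as root, pipe the first
# output into `iptables-restore --noflush` and run the ip commands.
mangle_rules 25 443
routing_cmds
```

This covers forwarded traffic only; packets generated on the firewall itself pass through the mangle OUTPUT chain rather than PREROUTING.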