I am wondering if I can mark TCP and UDP packets with DSCP, then at Postrouting, if a packet has a certain DSCP marking, have it rerouted back to Prerouting.
The reason I am doing this is that I am running a transparent proxy, and UDP packets have to be routed to the Tproxy in the mangle table Prerouting chain. There are certain rules in the filter table that I want to be applied before the packet goes to the transparent proxy. I am imagining a solution where I can mark these packets with DSCP first, let the filter table rules take place, then in the Postrouting chain, change the DSCP mark, reroute the packet back to Prerouting, match the new DSCP mark and send it to the Tproxy.
Edit: sorry if my way of phrasing it confuses anyone. The problem I am trying to solve is that:
- tproxy only works in mangle table;
- I have rules in the filter table (match dest IP and drop packet), and the rules have to be in the filter table because the OpenWrt LuCI web UI works that way; I can't change it.
- If a packet goes into tproxy, the rules in the filter table do not work anymore.
What should I do if I want to apply the rules in the filter table first and then send the packet into tproxy?