
Is there any possibility to mark outgoing packets with iptables and recognize them by the response? I have a very simple outgoing rule:

iptables -A OUTPUT -m conntrack --ctstate NEW,ESTABLISHED,RELATED -m owner --uid-owner XXX -j ACCEPT

One way to accept responses to this rule is just by accepting all incoming packets that have state ESTABLISHED,RELATED.

iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

But I'm worried that can mess up my strictly configured firewall setup. Instead I'm looking for a way to «tag»/«mark» this outgoing packet and then check the response. I know iptables has --set-mark but I don't think it works the way I want it to.

I'm looking for something like this:

iptables -A OUTPUT -m conntrack --ctstate NEW,ESTABLISHED,RELATED -m owner --uid-owner 122 -m mark --set-mark 0x10 -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -m mark --mark 0x10 -j ACCEPT

I know that marking happens in the mangle table, but this is just an example to illustrate what I want.


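The tagging the question asks for is done with a connection mark rather than a packet mark: a packet mark (--set-mark) lives only on the one packet and is gone once it leaves the host, while CONNMARK stores the value in the conntrack entry, so --restore-mark on inbound packets recovers it for the reply direction. The script below is an added example, not from the original post; it reuses UID 122 and mark 0x10 from the question and emits the rules as text (a function name and layout of my own) so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example: scope the broad ESTABLISHED,RELATED accept to connections that
# a given UID opened, using CONNMARK so the tag survives into the reply direction.
# UID 122 and mark 0x10 come from the question; everything else is an assumption.

UID_OWNER=122   # owner whose outgoing connections we tag
CT_MARK=0x10    # connection-mark value used as the tag

# Print the four rules for a uid/mark pair. Nothing is applied here, so this
# runs without root; pipe the output to `sh` as root to install the rules.
marked_uid_rules() {
    uid="$1"
    mark="$2"
    cat <<EOF
iptables -t mangle -A OUTPUT -m conntrack --ctstate NEW -m owner --uid-owner $uid -j CONNMARK --set-mark $mark
iptables -t mangle -A INPUT -j CONNMARK --restore-mark
iptables -A OUTPUT -m conntrack --ctstate NEW,ESTABLISHED,RELATED -m owner --uid-owner $uid -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -m mark --mark $mark -j ACCEPT
EOF
}
# Rule 1: the first packet of a new connection from the uid stamps the conntrack
#         entry (owner match is only valid in OUTPUT/POSTROUTING, hence mangle OUTPUT).
# Rule 2: every inbound packet copies its connection's mark back onto the packet.
# Rule 3: the original outgoing accept from the question.
# Rule 4: replies are accepted only if they belong to a connection carrying the tag;
#         replies to connections opened by any other uid still fall through to
#         whatever the rest of the INPUT chain decides.

# Count the rules a ruleset contains; handy for a quick sanity check.
rule_count() {
    marked_uid_rules "$1" "$2" | wc -l | tr -d ' '
}

# Apply the rules (requires root and iptables on the host).
apply_marked_uid_rules() {
    marked_uid_rules "$UID_OWNER" "$CT_MARK" | sh
}

# Default action when run directly: show what would be installed.
marked_uid_rules "$UID_OWNER" "$CT_MARK"
```

After installing, `conntrack -L --mark 0x10` lists the tagged connections, which is the quickest way to confirm the stamp is being set.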