iptables - remove packet mark on certain packets

I am using the following iptables script to redirect packets on port 443 to a proxy server:

iptables -t mangle -A PREROUTING -p tcp --dport 443 -j MARK --set-mark 2

I am redirecting it to my proxy server later on, which is working. For one host, however, I need to remove the iptables mark (i.e. the packets will not be redirected.) I tried the following:

iptables -t mangle -A PREROUTING -p tcp -s 192.168.0.47 --dport 443 -j ACCEPT

I have also tried (attempting to rewrite the mark to a different number):

iptables -t mangle -A PREROUTING -p tcp -s 192.168.0.47 --dport 443 -j MARK --set-mark 1

However none of them are working. Is there a --remove-mark? I couldn't find anything on Google.

Any help would be appreciated.

Solution

I figured it out. I used the following:

iptables -t mangle -A PREROUTING -p tcp ! -s 192.168.0.47 --dport 443 -j MARK --set-mark 2

To mark it so it doesn't mark the host in the first place.

is tcpdump affected by iptables filtering?
Is there an Ansible module that helps saving iptables configuration after startups
Is there a way for non-root processes to bind to "privileged" ports on Linux?
Direct ALL android traffic through SSH tunnel
gitea using a normal user and https
Gitlab with non-standard SSH port (on VM with Iptable forwarding)
AWS EC2 Instance - ssh "Connection timed out" suspecting iptables
Iptables forward port range to another port range on a different host
Unable to GET nginx welcome page from Hetzner Ubuntu 24.04. LTS server with custom domain and docker
iptables block access to port 8000 except from IP address
What is the best practice of docker + ufw under Ubuntu
Docker server networking - reject incoming connections but allow outgoing
iptables rules for jupyter notebook
Iptables v1.4.14: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Restrict connections to the Docker daemon - What should be the value of ext_if
Logging Dropped Packets in IPTables?
Connection refused to MongoDB errno 111
Rancher 1.6 port forwarding on any host forwards to host with rancher/server installed
What is the best way to forward all requests on a certain port to another machine on the network?
DNAT translation in iptables for TCP connections
iptables rate limiting connection request
Docker containers with bridge network cannot ping anything (even default gateway)
rsyslog - Property-based filtering not working
iptables LOG and DROP in one rule
Docker ignores iptable rules when using "-p <port>:<port>"
Docker: How to re-create dockers additional iptables rules?
nftables rules for docker
Prevent prompt when `apt install -y iptables persistent` on Debian/Ubuntu
Not sure how to properly use variables and use them in if statements in bash scripting
Change port number while forwarding