Tags: bash, iptables, bandwidth, bitcoin

Understanding iptables commands to limit outbound connection bandwidth


I found the following code snippet in the bitcoin source tree, defined as part of a bash script to control the outbound connections on port 8333. Can someone explain to me exactly how these commands work?

iptables -t mangle -A OUTPUT -p tcp -m tcp --dport 8333 ! -d ${LOCALNET} -j MARK --set-mark 0x2
iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 8333 ! -d ${LOCALNET} -j MARK --set-mark 0x2

Source file: https://github.com/bitcoin/bitcoin/blob/ad57b310bac44a7e470cf66276421f2bbc61b1f0/contrib/qos/tc.sh


Solution

Let's break this down.

  • -t mangle: the table being changed
  • -A OUTPUT: append this rule to the OUTPUT chain
  • -p tcp: protocol is tcp
  • -m tcp: load TCP module (this happens automatically with -p so this is superfluous)
  • --(d|s)port 8333: destination|source port is 8333
  • ! -d ${LOCALNET}: destination is not in the local network
  • -j MARK: jump to the MARK table (needed for --set-mark)
  • --set-mark 0x2: set a mark on the packet to be handled by something else

The high-level goal here is to set the 0x2 mark on the packet. From the comments on GitHub, that mark is used to limit the packets.
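The answer leaves "something else" unnamed: in the script linked from the question, that consumer is tc. The following is an added example (not the bitcoin project's tc.sh and not part of the answer) that puts the two MARK rules beside a tc HTB setup that enforces the limit, plus the status commands used to confirm the mark is actually being honoured. IF, LOCALNET, LINKCEIL and LIMIT are assumed placeholder values, and the `run` dry-run wrapper is a convenience added here so the script can be reviewed without root.

```shell
#!/bin/sh
# Added example, not the bitcoin project's own tc.sh: the MARK rules from the
# question paired with the tc side that actually enforces the limit.
# IF, LOCALNET, LINKCEIL and LIMIT are assumed placeholder values.
IF="${IF:-eth0}"
LOCALNET="${LOCALNET:-192.168.1.0/24}"   # hosts exempt from shaping
LINKCEIL="${LINKCEIL:-1gbit}"             # speed of the interface
LIMIT="${LIMIT:-160kbit}"                 # cap for marked traffic
PORT=8333
MARK=0x2

# DRY_RUN=1 (the default) prints each command instead of running it, so the
# script can be reviewed without root; set DRY_RUN=0 to apply it.
run() { if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi; }

# Step 1: tag packets. In the mangle OUTPUT chain, any locally generated TCP
# packet to or from $PORT whose destination is outside $LOCALNET gets firewall
# mark $MARK. MARK is a non-terminating target: nothing is dropped or slowed
# here, the packet just carries a tag for tc to act on.
# (-m tcp from the original rules is implied by -p tcp, so it is left out.)
mark_rules() {
  run iptables -t mangle -A OUTPUT -p tcp --dport "$PORT" ! -d "$LOCALNET" -j MARK --set-mark "$MARK"
  run iptables -t mangle -A OUTPUT -p tcp --sport "$PORT" ! -d "$LOCALNET" -j MARK --set-mark "$MARK"
}

# Step 2: consume the tag. An HTB root qdisc on $IF with an unlimited default
# class (1:10) and a limited class (1:11); the fw filter steers every packet
# whose mark equals $MARK into 1:11, where it is shaped to $LIMIT.
shape_marked() {
  run tc qdisc add dev "$IF" root handle 1: htb default 10
  run tc class add dev "$IF" parent 1: classid 1:10 htb rate "$LINKCEIL" ceil "$LINKCEIL"
  run tc class add dev "$IF" parent 1: classid 1:11 htb rate "$LIMIT" ceil "$LIMIT"
  run tc filter add dev "$IF" parent 1: protocol ip prio 1 handle "$MARK" fw classid 1:11
}

# Step 3: verify. The pkts/bytes counters on the MARK rules and on class 1:11
# should both climb while $PORT traffic leaves the host; if the rules count
# but the class does not, the iptables mark and the tc fw handle disagree.
show_status() {
  run iptables -t mangle -L OUTPUT -v -n --line-numbers
  run tc -s class show dev "$IF"
}

mark_rules
shape_marked
show_status
```

Run it once with DRY_RUN=1 to read the generated commands, then with DRY_RUN=0 as root on the host whose port 8333 traffic should be shaped.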