Hi all, I'm having trouble with the mark=... option. ipsec accepts it nicely, but I can't match packets in the firewall rules; also I can't find the mark in /proc/net/nf_conntrack Thanks in advance for any hint..