This table should as we've already noted mainly be used for mangling packets.
In other words, you may freely use the mangle targets within this table, to change TOS (Type Of Service) fields and the like.
You are strongly advised not to use this table for any
filtering; nor will any DNAT, SNAT
or Masquerading work in this table.
The following targets are only valid in the mangle table. They can not be used
outside the mangle table.
The TOS target is used to set and/or change
the Type of Service field in the packet. This
could be used for setting up policies on the network regarding how a
packet should be routed and so on. Note that this has not been perfected
and is not really implemented on the Internet and most of the routers
don't care about the value in this field, and sometimes, they act faulty
on what they get. Don't set this in other words for packets going to the
Internet unless you want to make routing decisions on it, with iproute2.
The TTL target is used to change the
TTL (Time To Live) field of the packet. We could
tell packets to only have a specific TTL and so
on. One good reason for this could be that we don't want to give ourself
away to nosy Internet Service Providers. Some Internet Service Providers
do not like users running multiple computers on one single connection,
and there are some Internet Service Providers known to look for a single
host generating different TTL values, and
take this as one of many signs of multiple computers connected to a
The MARK target is used to set special
mark values to the packet. These marks could then
be recognized by the iproute2 programs to do different
routing on the packet depending on what mark they
have, or if they don't have any. We could also do bandwidth limiting and
Class Based Queuing based on these marks.