From 150f7ab798fbb238d9d5fecf57dccfd20c8b72e5 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Thu, 14 Jun 2018 07:58:06 -0700 Subject: [PATCH] Allow specification of the TPROXY mark in CONNMARK and MARK. Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Chains.pm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm index d25413877..f244b578f 100644 --- a/Shorewall/Perl/Shorewall/Chains.pm +++ b/Shorewall/Perl/Shorewall/Chains.pm @@ -5289,8 +5289,8 @@ sub do_imac( $ ) { # sub verify_mark( $ ) { my $mark = $_[0]; - my $limit = $globals{EXCLUSION_MASK}; - my $mask = $globals{TC_MASK}; + my $limit = $config{TC_EXPERT} ? $globals{TPROXY_MARK} + 1 : $globals{EXCLUSION_MASK}; + my $mask = $config{TC_EXPERT} ? $globals{TPROXY_MARK} : $globals{TC_MASK}; my $value = numeric_value( $mark ); fatal_error "Invalid Mark or Mask value ($mark)"