mirror of
https://gitlab.com/shorewall/code.git
synced 2025-06-20 17:58:07 +02:00
More fixes for tos handling
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4573 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
8f0e95733f
commit
29075928dd
@ -3008,16 +3008,21 @@ process_tos_rule() {
|
|||||||
tos="-j TOS --set-tos $tos"
|
tos="-j TOS --set-tos $tos"
|
||||||
|
|
||||||
case "$dstzone" in
|
case "$dstzone" in
|
||||||
all|ALL)
|
all|ALL)
|
||||||
dst=0.0.0.0/0
|
dst=0.0.0.0/0
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
[ -z "$dst" ] && eval dst=\$${dstzone}_hosts
|
if [ -z "$MANGLE_FORWARD" ]; then
|
||||||
|
error_message "WARNING: A zone name in the DEST column requires Mangle FORWARD Chain support in your kernel and iptables: rule \"$rule\" ignored"
|
||||||
|
return
|
||||||
|
fi
|
||||||
|
|
||||||
|
[ -z "$dst" ] && eval dst=\$${dstzone}_hosts
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
for dest in $dst; do
|
for dest in $dst; do
|
||||||
dest=$(match_dest $dest)
|
dest="$(match_dest $dest)"
|
||||||
|
|
||||||
case $srczone in
|
case $srczone in
|
||||||
$FW)
|
$FW)
|
||||||
@ -3027,18 +3032,18 @@ process_tos_rule() {
|
|||||||
all|ALL)
|
all|ALL)
|
||||||
run_iptables2 -t mangle -A outtos \
|
run_iptables2 -t mangle -A outtos \
|
||||||
$protocol $dest $dports $sports $tos
|
$protocol $dest $dports $sports $tos
|
||||||
run_iptables2 -t mangle -A pretos \
|
run_iptables2 -t mangle -A $chain \
|
||||||
$protocol $dest $dports $sports $tos
|
$protocol $dest $dports $sports $tos
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
if [ -n "$src" ]; then
|
if [ -n "$src" ]; then
|
||||||
run_iptables2 -t mangle -A pretos $src \
|
run_iptables2 -t mangle -A $chain $src \
|
||||||
$protocol $dest $dports $sports $tos
|
$protocol $dest $dports $sports $tos
|
||||||
else
|
else
|
||||||
eval hosts=\$${srczone}_hosts
|
eval hosts=\$${srczone}_hosts
|
||||||
|
|
||||||
for host in $hosts; do
|
for host in $hosts; do
|
||||||
run_iptables2 -t mangle -A pretos $(match_source $host) \
|
run_iptables2 -t mangle -A $chain $(match_source $host) \
|
||||||
$protocol $dest $dports $sports $tos
|
$protocol $dest $dports $sports $tos
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
@ -3055,12 +3060,19 @@ process_tos_rule() {
|
|||||||
#
|
#
|
||||||
process_tos() # $1 = name of tos file
|
process_tos() # $1 = name of tos file
|
||||||
{
|
{
|
||||||
|
local chain=pretos stdchain=PREROUTING
|
||||||
|
|
||||||
|
if [ -n "$MANGLE_FORWARD" ]; then
|
||||||
|
chain=fortos
|
||||||
|
stdchain=FORWARD
|
||||||
|
fi
|
||||||
|
|
||||||
progress_message2 "$DOING $1..."
|
progress_message2 "$DOING $1..."
|
||||||
|
|
||||||
strip_file tos $1
|
strip_file tos $1
|
||||||
|
|
||||||
if [ -s $TMP_DIR/tos ] ; then
|
if [ -s $TMP_DIR/tos ] ; then
|
||||||
createmanglechain pretos
|
createmanglechain $chain
|
||||||
createmanglechain outtos
|
createmanglechain outtos
|
||||||
|
|
||||||
while read src dst protocol sport dport tos; do
|
while read src dst protocol sport dport tos; do
|
||||||
@ -3069,7 +3081,7 @@ process_tos() # $1 = name of tos file
|
|||||||
process_tos_rule
|
process_tos_rule
|
||||||
done < $TMP_DIR/tos
|
done < $TMP_DIR/tos
|
||||||
|
|
||||||
run_iptables -t mangle -A PREROUTING -j pretos
|
run_iptables -t mangle -A $stdchain -j $chain
|
||||||
run_iptables -t mangle -A OUTPUT -j outtos
|
run_iptables -t mangle -A OUTPUT -j outtos
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
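Review bot: In process_tos, once `MANGLE_FORWARD` is set, every rule whose source is not the firewall is added to `fortos`, which is hooked on mangle FORWARD. Packets delivered to the firewall itself never traverse FORWARD, so a rule with `all` in DEST (`dst=0.0.0.0/0`) no longer marks traffic that terminates on the firewall, which the old `pretos` chain on PREROUTING did cover. If that narrowing is intended, record it above the `local chain=pretos stdchain=PREROUTING` line, for example `# fortos hangs off FORWARD: packets delivered locally are not TOS-marked`; otherwise keep `pretos` for rules whose DEST is `all`. Separately, process_tos_rule now reads `$chain` from its caller's `local`, so its header comment should name that dependency, or the three uses could be written `${chain:-pretos}` so a call from elsewhere does not hand iptables an empty chain name. Both function bodies extend beyond the hunks shown.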