From a7cacdfee3e5d84c5d576becf09d6fa03f93e683 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Tue, 20 Jan 2015 08:09:09 -0800 Subject: [PATCH 1/2] Allow SAVE and RESTORE in the INPUT chain Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Tc.pm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Tc.pm b/Shorewall/Perl/Shorewall/Tc.pm index 5156ff818..352a22cda 100644 --- a/Shorewall/Perl/Shorewall/Tc.pm +++ b/Shorewall/Perl/Shorewall/Tc.pm @@ -564,7 +564,7 @@ sub process_mangle_rule1( $$$$$$$$$$$$$$$$$$ ) { RESTORE => { defaultchain => 0, - allowedchains => PREROUTING | FORWARD | OUTPUT | POSTROUTING, + allowedchains => PREROUTING | INPUT | FORWARD | OUTPUT | POSTROUTING, minparams => 0, maxparams => 1, function => sub () { @@ -593,7 +593,7 @@ sub process_mangle_rule1( $$$$$$$$$$$$$$$$$$ ) { SAVE => { defaultchain => 0, - allowedchains => PREROUTING | FORWARD | OUTPUT | POSTROUTING, + allowedchains => PREROUTING | INPUT | FORWARD | OUTPUT | POSTROUTING, minparams => 0, maxparams => 1, function => sub () { From 6f2308e0fafa441126f510a9ea7525f5d8aa97a6 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Tue, 20 Jan 2015 08:09:55 -0800 Subject: [PATCH 2/2] Correct syntax of the SAVE and RESTORE actions. Signed-off-by: Tom Eastep --- Shorewall/manpages/shorewall-mangle.xml | 5 +++-- Shorewall6/manpages/shorewall6-mangle.xml | 5 +++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/Shorewall/manpages/shorewall-mangle.xml b/Shorewall/manpages/shorewall-mangle.xml index df594a2e2..20adc4b03 100644 --- a/Shorewall/manpages/shorewall-mangle.xml +++ b/Shorewall/manpages/shorewall-mangle.xml @@ -499,7 +499,7 @@ INLINE eth0 - ; -p tcp -j MARK --set-mark RESTORE[(/mask)] + role="bold">RESTORE[(mask)] Restore the packet's mark from the connection's mark @@ -543,7 +543,8 @@ SAME $FW 0.0.0.0/0 tcp 80,443 - SAVE[(/mask)] + SAVE[(mask)] diff --git a/Shorewall6/manpages/shorewall6-mangle.xml b/Shorewall6/manpages/shorewall6-mangle.xml index 538b5ada1..74b3d5c73 100644 --- a/Shorewall6/manpages/shorewall6-mangle.xml +++ b/Shorewall6/manpages/shorewall6-mangle.xml @@ -500,7 +500,7 @@ INLINE eth0 - ; -p tcp -j MARK --set-mark RESTORE[(/mask)] + role="bold">RESTORE[(mask)] Restore the packet's mark from the connection's mark @@ -544,7 +544,8 @@ SAME $FW 0.0.0.0/0 tcp 80,443 - SAVE[(/mask)] + SAVE[(mask)]