diff --git a/Shorewall/Perl/Shorewall/Providers.pm b/Shorewall/Perl/Shorewall/Providers.pm
index 7da485a7c..bc4121e45 100644
--- a/Shorewall/Perl/Shorewall/Providers.pm
+++ b/Shorewall/Perl/Shorewall/Providers.pm
@@ -777,7 +777,7 @@ sub add_a_provider( $$ ) {
}
sub add_an_rtrule( ) {
- my ( $source, $dest, $provider, $priority ) = split_line 'route_rules file', { source => 0, dest => 1, provider => 2, priority => 3 };
+ my ( $source, $dest, $provider, $priority, $originalmark ) = split_line 'route_rules file', { source => 0, dest => 1, provider => 2, priority => 3 , mark => 4 };
our $current_if;
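Review bot: The fifth column is keyed `mark => 4` in this `split_line` call, and the manpage text added by this commit documents it as MARK, but the header comments written to both `configfiles/route_rules` templates and to the manpage examples label it `MASK`. Someone editing the template would reasonably put a bare mask there rather than `mark[/mask]`, which would select packets by a different fwmark than intended. The header lines should read `#SOURCE DEST PROVIDER PRIORITY MARK`. A short comment above the call, such as `# Optional MARK column: mark[/mask], or '-' for none`, would also help. The body of add_an_rtrule continues outside this hunk.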
@@ -840,13 +840,25 @@ sub add_an_rtrule( ) {
$source = "iif $source";
}
+ my $mark = '';
+ my $mask;
+
+ if ( $originalmark ne '-' ) {
+ validate_mark( $originalmark );
+
+ ( $mark, $mask ) = split '/' , $originalmark;
+ $mask = $globals{PROVIDER_MASK} unless supplied $mask;
+
+ $mark = ' fwmark ' . in_hex( $mark ) . '/' . in_hex( $mask );
+ }
+
fatal_error "Invalid priority ($priority)" unless $priority && $priority =~ /^\d{1,5}$/;
$priority = "priority $priority";
- push @{$providerref->{rules}}, "qt \$IP -$family rule del $source $dest $priority" if $config{DELETE_THEN_ADD};
- push @{$providerref->{rules}}, "run_ip rule add $source $dest $priority table $number";
- push @{$providerref->{rules}}, "echo \"qt \$IP -$family rule del $source $dest $priority\" >> \${VARDIR}/undo_${provider}_routing";
+ push @{$providerref->{rules}}, "qt \$IP -$family rule del $source ${dest}${mark} $priority" if $config{DELETE_THEN_ADD};
+ push @{$providerref->{rules}}, "run_ip rule add $source ${dest}${mark} $priority table $number";
+ push @{$providerref->{rules}}, "echo \"qt \$IP -$family rule del $source ${dest}${mark} $priority\" >> \${VARDIR}/undo_${provider}_routing";
progress_message " Routing rule \"$currentline\" $done";
}
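Review bot: `$mark` and `$mask` reach `in_hex` as the raw text produced by `split '/' , $originalmark`, so the value emitted in the `fwmark` clause depends on how `in_hex` treats non-decimal input, which is not visible in this hunk. If it formats with `%x` alone, a mark written as `0x100` would numify to 0, and the generated `ip rule` would select on a different mark than the one `validate_mark` accepted. Converting first, e.g. `in_hex( numeric_value( $mark ) )` and the same for `$mask`, keeps the validated and emitted values identical. Since the clause is interpolated into generated shell lines, including the `echo "..." >> ${VARDIR}/undo_${provider}_routing` line, a comment such as `# $mark holds only in_hex() output, so it is safe to interpolate into the script` would record that invariant. The function begins outside this hunk.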
diff --git a/Shorewall/configfiles/route_rules b/Shorewall/configfiles/route_rules
index 6682b6e24..543b703b0 100644
--- a/Shorewall/configfiles/route_rules
+++ b/Shorewall/configfiles/route_rules
@@ -4,5 +4,5 @@
# For information about entries in this file, type "man shorewall-route_rules"
#
# For additional information, see http://www.shorewall.net/MultiISP.html
-##############################################################################
-#SOURCE DEST PROVIDER PRIORITY
+####################################################################################
+#SOURCE DEST PROVIDER PRIORITY MASK
diff --git a/Shorewall6/configfiles/route_rules b/Shorewall6/configfiles/route_rules
index ba58d6e18..3766cc63c 100644
--- a/Shorewall6/configfiles/route_rules
+++ b/Shorewall6/configfiles/route_rules
@@ -4,5 +4,5 @@
# For information about entries in this file, type "man shorewall6-route_rules"
#
# For additional information, see http://www.shorewall.net/MultiISP.html
-##############################################################################
-#SOURCE DEST PROVIDER PRIORITY
+####################################################################################
+#SOURCE DEST PROVIDER PRIORITY MASK
diff --git a/docs/MultiISP.xml b/docs/MultiISP.xml
index 5bd842eeb..5974cbf01 100644
--- a/docs/MultiISP.xml
+++ b/docs/MultiISP.xml
@@ -1055,6 +1055,20 @@ gateway:~ #
which they appear in the file.
+
+
+ MARK (Optional - added in Shorewall 4.4.25)
+
+
+ Mark and optional mask in the form
+ mark[/mask].
+ For this rule to be applied to a packet, the packet's mark value
+ must match the mark when logically
+ anded with the mask. If a
+ mask is not supplied, Shorewall
+ supplies a suitable provider mask.
+
+
diff --git a/manpages/shorewall-route_rules.xml b/manpages/shorewall-route_rules.xml
index 9bf5faed7..bebfd96d4 100644
--- a/manpages/shorewall-route_rules.xml
+++ b/manpages/shorewall-route_rules.xml
@@ -113,6 +113,20 @@
+
+
+ MARK -
+ {-|mark[/mask]}
+
+
+ Optional -- added in Shorewall 4.4.25. For this rule to be
+ applied to a packet, the packet's mark value must match the
+ mark when logically anded with the
+ mask. If a
+ mask is not supplied, Shorewall supplies
+ a suitable provider mask.
+
+
@@ -127,7 +141,7 @@
You want all traffic coming in on eth1 to be routed to the
ISP1 provider.
- #SOURCE DEST PROVIDER PRIORITY
+ #SOURCE DEST PROVIDER PRIORITY MASK
eth1 - ISP1 1000
@@ -144,7 +158,7 @@
is the subnet chosen in your OpenVPN configuration (server 10.8.0.0
255.255.255.0).
- #SOURCE DEST PROVIDER PRIORITY
+ #SOURCE DEST PROVIDER PRIORITY MASK
- 10.8.0.0/24 main 1000
diff --git a/manpages6/shorewall6-route_rules.xml b/manpages6/shorewall6-route_rules.xml
index 6a22b8970..305330fda 100644
--- a/manpages6/shorewall6-route_rules.xml
+++ b/manpages6/shorewall6-route_rules.xml
@@ -113,6 +113,20 @@
+
+
+ MARK -
+ {-|mark[/mask]}
+
+
+ Optional -- added in Shorewall 4.4.25. For this rule to be
+ applied to a packet, the packet's mark value must match the
+ mark when logically anded with the
+ mask. If a
+ mask is not supplied, Shorewall supplies
+ a suitable provider mask.
+
+
@@ -127,7 +141,7 @@
You want all traffic coming in on eth1 to be routed to the
ISP1 provider.
- #SOURCE DEST PROVIDER PRIORITY
+ #SOURCE DEST PROVIDER PRIORITY MASK
eth1 - ISP1 1000
@@ -149,10 +163,10 @@
shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5),
- shorewall6-maclist(5), shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5),
- shorewall6-providers(5), shorewall6-routestopped(5), shorewall6-rules(5),
- shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5),
- shorewall6-tcrules(5), shorewall6-tos(5), shorewall6-tunnels(5),
- shorewall6-zones(5)
+ shorewall6-maclist(5), shoewall6-netmap(5),shorewall6-params(5),
+ shorewall6-policy(5), shorewall6-providers(5), shorewall6-routestopped(5),
+ shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5),
+ shorewall6-tcclasses(5), shorewall6-tcdevices(5), shorewall6-tcrules(5),
+ shorewall6-tos(5), shorewall6-tunnels(5), shorewall6-zones(5)