extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-08-20 21:59:36 +02:00
Code Issues Packages Projects Releases Wiki Activity

Change 'track' interraction with PREROUTING marking

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3861 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep
2006-05-05 20:40:28 +00:00
parent cee575a5a2
commit 5c76e2a693
3 changed files with 34 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
Shorewall/compiler
View File

@@ -3416,7 +3416,7 @@ process_tc_rule()
fatal_error "Invalid mark value ($mark) in rule \"$rule\""
;;
esac
elif [ -n "$HIGH_ROUTE_MARKS" -a $chain = tcpre ]; then
elif [ $(($mask)) -ne 0 -a -n "$HIGH_ROUTE_MARKS" -a $chain = tcpre ]; then
fatal_error "Marks < 256 may not be set in the PREROUTING chain when HIGH_ROUTE_MARKS=Yes"
fi
fi
@@ -3543,7 +3543,13 @@ setup_tc1() {
# packets that are not part of a marked connection to the 'tcpre/tcout' chains.
#
if [ -n "$ROUTEMARK_INTERFACES" ]; then
mark_part="-m mark --mark 0"
mark_part="-m mark --mark 0/0xFF00"
#
# But let marks in tcpre override those assigned by 'track'
#
for interface in $ROUTEMARK_INTERFACES; do
run_iptables -t mangle -A PREROUTING -i $interface -j tcpre
done
fi
run_iptables -t mangle -A PREROUTING $mark_part -j tcpre