extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-04-11 21:08:22 +02:00
Code Issues Packages Projects Releases Wiki Activity

Change note about MARK_IN_FORWARD_CHAIN

Browse Source
This commit is contained in:
Tom Eastep 2010-08-19 15:33:12 -07:00
parent af77eb08bc
commit 6b0fa8b4e2
1 changed files with 9 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
docs/traffic_shaping.xml
View File

@ -428,11 +428,12 @@
<listitem> <listitem>
<para>REDIRECTED INTERFACES — Entries are appropriate in this column <para>REDIRECTED INTERFACES — Entries are appropriate in this column
only if the device in the INTERFACE column names a <link only if the device in the INTERFACE column names a <link
linkend="IFB">Intermediate Functional Block (IFB)</link>. It lists the linkend="IFB">Intermediate Functional Block (IFB)</link>. It lists
physical interfaces that will have their input shaped using classes the physical interfaces that will have their input shaped using
defined on the IFB. Neither the IFB nor any of the interfaces listed classes defined on the IFB. Neither the IFB nor any of the
in this column may have an IN-BANDWIDTH specified. You may specify interfaces listed in this column may have an IN-BANDWIDTH specified.
zero (0) or a dash ("-:) in the IN-BANDWIDTH column.</para> You may specify zero (0) or a dash ("-:) in the IN-BANDWIDTH
column.</para>
<para>IFB devices automatically get the <emphasis <para>IFB devices automatically get the <emphasis
role="bold">classify</emphasis> option.</para> role="bold">classify</emphasis> option.</para>
@ -816,12 +817,9 @@ ppp0 6000kbit 500kbit</programlisting>
in-depth look at the packet marking facility in Netfilter/Shorewall, in-depth look at the packet marking facility in Netfilter/Shorewall,
please see <ulink url="PacketMarking.html">this article</ulink>.</para> please see <ulink url="PacketMarking.html">this article</ulink>.</para>
<para>Normally, packet marking occurs in the PREROUTING chain before any <para><emphasis role="bold">For marking forwarded traffic, you must
address rewriting takes place. This makes it impossible to mark inbound either set MARK_IN_FORWARD_CHAIN=Yes shorewall.conf or by using the :F
packets based on their destination address when SNAT or Masquerading are qualifier (see below).</emphasis></para>
being used. You can cause packet marking to occur in the FORWARD chain
by using the MARK_IN_FORWARD_CHAIN option in shorewall.conf or by using
the :F qualifier (see below).</para>
<para>Columns in the file are as follows:</para> <para>Columns in the file are as follows:</para>