Clear provider mark on OUTPUT traffic

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4650 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall/accounting

@@ -97,7 +97,8 @@
 #					#version 2.6.14).
 #
 #	In all of the above columns except ACTION and CHAIN, the values "-",
-#	"any" and "all" may be used as wildcards
+#	"any" and "all" may be used as wildcards. Omitted trailing columns are
+#	also treated as wildcards.
 #
 # Please see http://shorewall.net/Accounting.html for examples and
 # additional information about how to use this file.

Shorewall/changelog.txt

@@ -6,6 +6,8 @@ Changes in 3.3.3
 
 3)  Make the maximum zone name length dependent on LOGFORMAT.
 
+4)  Clear provider marks in POSTROUTING when HIGH_ROUTE_MARKS=Yes.
+
 Changes in 3.3.1
 
 1)  Load the proxyarp lib when 'proxyarp' option is specified.

Shorewall/compiler

@@ -913,7 +913,7 @@ setup_tc1() {
     fi
 
     if [ -n "$HIGH_ROUTE_MARKS" ]; then
-	for chain in INPUT FORWARD; do
+	for chain in INPUT FORWARD POSTROUTING; do
 	    run_iptables -t mangle -I $chain -j MARK --and-mark 0xFF
 	done
     fi

Shorewall/releasenotes.txt

@@ -33,7 +33,9 @@ Shorewall 3.3.3
   	 
 Problems Corrected in 3.3.3
 
-None.
+1)  Previously, the 'provider' portion of the packet mark was not being
+    cleared after routing for traffic that originates on the firewall
+    itself.
 
 Other changes in 3.3.3