Clear provider mark on OUTPUT traffic

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4650 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2006-10-08 17:06:52 +00:00
parent 56c0cb2064
commit 96351b327b
4 changed files with 8 additions and 3 deletions

View File

@ -97,7 +97,8 @@
# #version 2.6.14). # #version 2.6.14).
# #
# In all of the above columns except ACTION and CHAIN, the values "-", # In all of the above columns except ACTION and CHAIN, the values "-",
# "any" and "all" may be used as wildcards # "any" and "all" may be used as wildcards. Omitted trailing columns are
# also treated as wildcards.
# #
# Please see http://shorewall.net/Accounting.html for examples and # Please see http://shorewall.net/Accounting.html for examples and
# additional information about how to use this file. # additional information about how to use this file.

View File

@ -6,6 +6,8 @@ Changes in 3.3.3
3) Make the maximum zone name length dependent on LOGFORMAT. 3) Make the maximum zone name length dependent on LOGFORMAT.
4) Clear provider marks in POSTROUTING when HIGH_ROUTE_MARKS=Yes.
Changes in 3.3.1 Changes in 3.3.1
1) Load the proxyarp lib when 'proxyarp' option is specified. 1) Load the proxyarp lib when 'proxyarp' option is specified.

View File

@ -913,7 +913,7 @@ setup_tc1() {
fi fi
if [ -n "$HIGH_ROUTE_MARKS" ]; then if [ -n "$HIGH_ROUTE_MARKS" ]; then
for chain in INPUT FORWARD; do for chain in INPUT FORWARD POSTROUTING; do
run_iptables -t mangle -I $chain -j MARK --and-mark 0xFF run_iptables -t mangle -I $chain -j MARK --and-mark 0xFF
done done
fi fi

View File

@ -33,7 +33,9 @@ Shorewall 3.3.3
Problems Corrected in 3.3.3 Problems Corrected in 3.3.3
None. 1) Previously, the 'provider' portion of the packet mark was not being
cleared after routing for traffic that originates on the firewall
itself.
Other changes in 3.3.3 Other changes in 3.3.3