mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-27 10:03:41 +01:00
Clear provider mark on OUTPUT traffic
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4650 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
56c0cb2064
commit
96351b327b
@ -97,7 +97,8 @@
|
|||||||
# #version 2.6.14).
|
# #version 2.6.14).
|
||||||
#
|
#
|
||||||
# In all of the above columns except ACTION and CHAIN, the values "-",
|
# In all of the above columns except ACTION and CHAIN, the values "-",
|
||||||
# "any" and "all" may be used as wildcards
|
# "any" and "all" may be used as wildcards. Omitted trailing columns are
|
||||||
|
# also treated as wildcards.
|
||||||
#
|
#
|
||||||
# Please see http://shorewall.net/Accounting.html for examples and
|
# Please see http://shorewall.net/Accounting.html for examples and
|
||||||
# additional information about how to use this file.
|
# additional information about how to use this file.
|
||||||
|
@ -6,6 +6,8 @@ Changes in 3.3.3
|
|||||||
|
|
||||||
3) Make the maximum zone name length dependent on LOGFORMAT.
|
3) Make the maximum zone name length dependent on LOGFORMAT.
|
||||||
|
|
||||||
|
4) Clear provider marks in POSTROUTING when HIGH_ROUTE_MARKS=Yes.
|
||||||
|
|
||||||
Changes in 3.3.1
|
Changes in 3.3.1
|
||||||
|
|
||||||
1) Load the proxyarp lib when 'proxyarp' option is specified.
|
1) Load the proxyarp lib when 'proxyarp' option is specified.
|
||||||
|
@ -913,7 +913,7 @@ setup_tc1() {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -n "$HIGH_ROUTE_MARKS" ]; then
|
if [ -n "$HIGH_ROUTE_MARKS" ]; then
|
||||||
for chain in INPUT FORWARD; do
|
for chain in INPUT FORWARD POSTROUTING; do
|
||||||
run_iptables -t mangle -I $chain -j MARK --and-mark 0xFF
|
run_iptables -t mangle -I $chain -j MARK --and-mark 0xFF
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
|
@ -33,7 +33,9 @@ Shorewall 3.3.3
|
|||||||
|
|
||||||
Problems Corrected in 3.3.3
|
Problems Corrected in 3.3.3
|
||||||
|
|
||||||
None.
|
1) Previously, the 'provider' portion of the packet mark was not being
|
||||||
|
cleared after routing for traffic that originates on the firewall
|
||||||
|
itself.
|
||||||
|
|
||||||
Other changes in 3.3.3
|
Other changes in 3.3.3
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user