From 9ebd6ceaae29e5c26e863cce9c4898d4ed043bdc Mon Sep 17 00:00:00 2001 From: teastep Date: Tue, 31 Dec 2002 03:50:05 +0000 Subject: [PATCH] Exit status 255 from tcclear indicates that Shorewall should not clear tc git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@391 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall/changelog.txt | 2 ++ Shorewall/firewall | 26 +++++++++++++++----------- Shorewall/releasenotes.txt | 7 +++++-- 3 files changed, 22 insertions(+), 13 deletions(-) diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index 4921ca591..f72662fd9 100755 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -4,3 +4,5 @@ Changes since 1.3.12 2. Print policies in 'check' command. +3. Result 255 from /etc/shorewall/tcclear inhibits clearing tc rules. + diff --git a/Shorewall/firewall b/Shorewall/firewall index 2d055cc3a..7c6935468 100755 --- a/Shorewall/firewall +++ b/Shorewall/firewall @@ -1843,23 +1843,27 @@ setup_tc() { # delete_tc() { + local result + clear_one_tc() { tc qdisc del dev $1 root 2> /dev/null tc qdisc del dev $1 ingress 2> /dev/null } run_user_exit tcclear + result=$? - run_ip link list | \ - while read inx interface details; do - case $inx in - [0-9]*) - clear_one_tc ${interface%:} - ;; - *) - ;; - esac - done + if [ $result -ne 255 ]; then + run_ip link list | while read inx interface details; do + case $inx in + [0-9]*) + clear_one_tc ${interface%:} + ;; + *) + ;; + esac + done + fi } # @@ -3297,7 +3301,7 @@ initialize_netfilter () { run_user_exit newnotsyn if [ -n "$LOGNEWNOTSYN" ]; then if [ "$LOGNEWNOTSYN" = ULOG ]; then - run_iptables -A newnotsyn -j ULOG \ + run_iptables -A newnotsyn -j ULOG --ulog-prefix "Shorewall:newnotsyn:DROP:" else run_iptables -A newnotsyn -j LOG \ diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 92d4fab1a..9df4d9db6 100755 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt 
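Review bot: The new `result=$?` / `[ $result -ne 255 ]` gate in delete_tc() makes one return value of a user-editable file decide whether existing qdiscs are removed, but nothing in the function says so or reports when clearing is skipped. The hunk does not show run_user_exit, so it is worth confirming that it hands back the tcclear status unchanged and returns something other than 255 when the file is absent. A final command in tcclear that happens to fail with 255 would also leave stale traffic-control state in place without any message. I would add a comment above the test such as `# tcclear returns 255 to tell Shorewall to leave the existing tc configuration alone`, and print a short notice in the skipped case so the operator can see that tc rules were kept.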
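Review bot: As shown in this hunk, the replacement line `run_iptables -A newnotsyn -j ULOG` no longer ends in a backslash, while the next line is still `--ulog-prefix "Shorewall:newnotsyn:DROP:"` and the LOG branch below keeps its `\`. If that is what was committed and not an artifact of how the page was captured, the ULOG rule is added without its prefix and the shell then tries to run the `--ulog-prefix` line as a separate command. Log analysis that keys on the `Shorewall:newnotsyn:DROP:` prefix would miss these packets when LOGNEWNOTSYN is ULOG. The line should stay `run_iptables -A newnotsyn -j ULOG \`. This change is also unrelated to the tcclear subject of the commit, and initialize_netfilter starts and ends outside the hunk.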
@@ -7,8 +7,8 @@ New features include: wish to minimize the number of rules that connection requests must traverse. - A Shorewall DNAT rule actually generates two iptables rules: an - address rewriting rule in the 'nat' table and an ACCEPT rule in the + A Shorewall DNAT rule actually generates two iptables rules: a + header rewriting rule in the 'nat' table and an ACCEPT rule in the 'filter' table. A DNAT- rule only generates the first of these rules. This is handy when you have several DNAT rules that would generate the same ACCEPT rule. @@ -32,3 +32,6 @@ New features include: 2) The 'shorewall check' command now prints out the applicable policy between each pair of zones. + +3. An exit status of 255 from /etc/shorewall/tcclear will prevent + Shorewall from clearing the QOS configuration.