Exit status 255 from tcclear indicates that Shorewall should not clear tc

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@391 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2002-12-31 03:50:05 +00:00
parent 144c9ab576
commit 9ebd6ceaae
3 changed files with 22 additions and 13 deletions


@ -4,3 +4,5 @@ Changes since 1.3.12
2. Print policies in 'check' command. 2. Print policies in 'check' command.
3. Result 255 from /etc/shorewall/tcclear inhibits clearing tc rules.


@ -1843,23 +1843,27 @@ setup_tc() {
# #
delete_tc() delete_tc()
{ {
local result
clear_one_tc() { clear_one_tc() {
tc qdisc del dev $1 root 2> /dev/null tc qdisc del dev $1 root 2> /dev/null
tc qdisc del dev $1 ingress 2> /dev/null tc qdisc del dev $1 ingress 2> /dev/null
} }
run_user_exit tcclear run_user_exit tcclear
result=$?
run_ip link list | \ if [ $result -ne 255 ]; then
while read inx interface details; do run_ip link list | while read inx interface details; do
case $inx in case $inx in
[0-9]*) [0-9]*)
clear_one_tc ${interface%:} clear_one_tc ${interface%:}
;; ;;
*) *)
;; ;;
esac esac
done done
fi
} }
# #
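Review bot: in delete_tc(), the test `if [ $result -ne 255 ]` uses a bare magic number with no comment, and when it matches the function returns silently, so nothing in the output tells an operator that tc clearing was skipped. Suggest a comment above the test stating that 255 from the tcclear user exit means "leave tc alone", plus a progress message in an else branch. The check also relies on run_user_exit passing the user script's exit status back unchanged, which these lines do not show; worth confirming, including what status comes back when /etc/shorewall/tcclear does not exist.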
@ -3297,7 +3301,7 @@ initialize_netfilter () {
run_user_exit newnotsyn run_user_exit newnotsyn
if [ -n "$LOGNEWNOTSYN" ]; then if [ -n "$LOGNEWNOTSYN" ]; then
if [ "$LOGNEWNOTSYN" = ULOG ]; then if [ "$LOGNEWNOTSYN" = ULOG ]; then
run_iptables -A newnotsyn -j ULOG \ run_iptables -A newnotsyn -j ULOG
--ulog-prefix "Shorewall:newnotsyn:DROP:" --ulog-prefix "Shorewall:newnotsyn:DROP:"
else else
run_iptables -A newnotsyn -j LOG \ run_iptables -A newnotsyn -j LOG \
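Review bot: the new `run_iptables -A newnotsyn -j ULOG` line has lost its trailing backslash, so as shown the `--ulog-prefix "Shorewall:newnotsyn:DROP:"` line below it is no longer a continuation of the command. The ULOG rule would be added without its prefix, and the shell would then try to run `--ulog-prefix` as a command of its own. The LOG branch keeps its backslash. This change is also unrelated to the tcclear exit status named in the commit message; restore the `\` or drop the hunk.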


@ -7,8 +7,8 @@ New features include:
wish to minimize the number of rules that connection requests must wish to minimize the number of rules that connection requests must
traverse. traverse.
A Shorewall DNAT rule actually generates two iptables rules: an A Shorewall DNAT rule actually generates two iptables rules: a
address rewriting rule in the 'nat' table and an ACCEPT rule in the header rewriting rule in the 'nat' table and an ACCEPT rule in the
'filter' table. A DNAT- rule only generates the first of these 'filter' table. A DNAT- rule only generates the first of these
rules. This is handy when you have several DNAT rules that would rules. This is handy when you have several DNAT rules that would
generate the same ACCEPT rule. generate the same ACCEPT rule.
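Review bot: the rewording from "an address rewriting rule" to "a header rewriting rule" in the DNAT- paragraph has nothing to do with the tcclear change and is not mentioned in the commit message. Suggest moving it to its own commit, or at least noting it in the message, so the documentation change can be traced later.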
@ -32,3 +32,6 @@ New features include:
2) The 'shorewall check' command now prints out the applicable policy 2) The 'shorewall check' command now prints out the applicable policy
between each pair of zones. between each pair of zones.
3. An exit status of 255 from /etc/shorewall/tcclear will prevent
Shorewall from clearing the QOS configuration.
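Review bot: the new item is numbered "3." while the item directly above it uses "2)", so the list style in this file becomes inconsistent; use "3)". The wording also differs from the changelog entry, which says "tc rules" where this says "QOS configuration". Picking one term, and stating that only 255 (not any non-zero status) has this effect, would make the two files agree.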