Fix ECN handling with MANGLE_FORWARD=Yes

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6955 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-07-25 14:22:31 +00:00
parent 4a9cda63ea
commit ad2cf6706a
3 changed files with 8 additions and 7 deletions

View File

@ -8,6 +8,8 @@ Changes in 4.0.1
4) Corrent handling of 'PATH' in Shorewall-perl.
5) Correct handling of ECN with MANGLE_FORWARD.
Changes in 4.0.0 Final
1) Fix lite install.sh manpage problem.

View File

@ -58,6 +58,10 @@ Problems corrected in 4.0.1.
6) If no PATH was available when Shorewall-perl is run, a Perl run-time
warning was issued.
7) If the "Mangle FORWARD Chain" capability was supported, entries in
the /etc/shorewall/ecn file would cause invalid iptables
commands to be generated.
Other changes in Shorewall 4.0.1.
1) A new EXPAND_POLICIES option is added to shorewall.conf. The

View File

@ -869,13 +869,8 @@ setup_ecn() # $1 = file name
flushmangle $chain
else
createmanglechain $chain
if [ -n "$MANGLE_FORWARD" ]; then
run_iptables -t mangle -A PREROUTING -p tcp -o $interface -j $chain
else
run_iptables -t mangle -A POSTROUTING -p tcp -o $interface -j $chain
run_iptables -t mangle -A OUTPUT -p tcp -o $interface -j $chain
fi
run_iptables -t mangle -A POSTROUTING -p tcp -o $interface -j $chain
run_iptables -t mangle -A OUTPUT -p tcp -o $interface -j $chain
fi
done