From 9c7fcd09fde5d9e8c8ab054df6d3314258c83fda Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Wed, 25 Jun 2014 07:33:42 -0700 Subject: [PATCH 1/7] Revert "Add a TIME column to the mangle file" This reverts commit 824b14b714725069bbbbb3c69a27cdf842d0276e. --- Shorewall/Perl/Shorewall/Tc.pm | 23 ++---- Shorewall/manpages/shorewall-mangle.xml | 98 ----------------------- Shorewall6/manpages/shorewall6-mangle.xml | 98 ----------------------- 3 files changed, 8 insertions(+), 211 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Tc.pm b/Shorewall/Perl/Shorewall/Tc.pm index ebfe3933c..5662ecb38 100644 --- a/Shorewall/Perl/Shorewall/Tc.pm +++ b/Shorewall/Perl/Shorewall/Tc.pm @@ -174,8 +174,8 @@ sub initialize( $ ) { # # Process a rule from the tcrules or mangle file # -sub process_mangle_rule1( $$$$$$$$$$$$$$$$$$ ) { - our ( $file, $action, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $headers, $probability , $dscp , $state, $time ) = @_; +sub process_mangle_rule1( $$$$$$$$$$$$$$$$$ ) { + our ( $file, $action, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $headers, $probability , $dscp , $state ) = @_; use constant { PREROUTING => 1, #Actually tcpre @@ -798,7 +798,6 @@ sub process_mangle_rule1( $$$$$$$$$$$$$$$$$$ ) { do_probability( $probability ) . do_dscp( $dscp ) . state_match( $state ) . - do_time( $time ) . $raw_matches , $source , $dest , @@ -987,9 +986,7 @@ sub process_tc_rule1( $$$$$$$$$$$$$$$$ ) { $headers, $probability, $dscp, - $state, - '-', - ); + $state ); } } @@ -1049,9 +1046,9 @@ sub process_tc_rule( ) { } sub process_mangle_rule( ) { - my ( $originalmark, $source, $dest, $protos, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $headers, $probability , $dscp , $state, $time ); + my ( $originalmark, $source, $dest, $protos, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $headers, $probability , $dscp , $state ); if ( $family == F_IPV4 ) { - ( $originalmark, $source, $dest, $protos, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $probability, $dscp, $state, $time ) = + ( $originalmark, $source, $dest, $protos, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $probability, $dscp, $state ) = split_line2( 'tcrules file', { mark => 0, action => 0, @@ -1068,9 +1065,7 @@ sub process_mangle_rule( ) { helper => 11, probability => 12 , scp => 13, - state => 14, - time => 15, - }, + state => 14 }, {}, 15, 1 ); @@ -1094,16 +1089,14 @@ sub process_mangle_rule( ) { headers => 12, probability => 13, dscp => 14, - state => 15, - time => 16, - }, + state => 15 }, {}, 16, 1 ); } for my $proto (split_list( $protos, 'Protocol' ) ) { - process_mangle_rule1( 'Mangle', $originalmark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $headers, $probability , $dscp , $state, $time ); + process_mangle_rule1( 'Mangle', $originalmark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $headers, $probability , $dscp , $state ); } } diff --git a/Shorewall/manpages/shorewall-mangle.xml b/Shorewall/manpages/shorewall-mangle.xml index c2bfed664..b4cd5ba13 100644 --- a/Shorewall/manpages/shorewall-mangle.xml +++ b/Shorewall/manpages/shorewall-mangle.xml @@ -1109,104 +1109,6 @@ Normal-Service => 0x00 of the listed states. - - - TIME - - timeelement[&timeelement...] - - - Added in Shorewall 4.6.2. - - May be used to limit the rule to a particular time period each - day, to particular days of the week or month, or to a range defined - by dates and times. Requires time match support in your kernel and - ip6tables. - - timeelement may be: - - - - timestart=hh:mm[:ss] - - - Defines the starting time of day. - - - - - timestop=hh:mm[:ss] - - - Defines the ending time of day. - - - - - utc - - - Times are expressed in Greenwich Mean Time. - - - - - localtz - - - Deprecated by the Netfilter team in favor of kerneltz. Times are expressed in Local - Civil Time (default). - - - - - kerneltz - - - Added in Shorewall 4.5.2. Times are expressed in Local - Kernel Time (requires iptables 1.4.12 or later). - - - - - weekdays=ddd[,ddd]... - - - where ddd is one of - , , - , , - , or - - - - - - monthdays=dd[,dd],... - - - where dd is an ordinal day of - the month - - - - - datestart=yyyy[-mm[-dd[hh[:mm[:ss]]]]] - - - Defines the starting date and time. - - - - - datestop=yyyy[-mm[-dd[hh[:mm[:ss]]]]] - - - Defines the ending date and time. - - - - - diff --git a/Shorewall6/manpages/shorewall6-mangle.xml b/Shorewall6/manpages/shorewall6-mangle.xml index b10c01936..9772d079f 100644 --- a/Shorewall6/manpages/shorewall6-mangle.xml +++ b/Shorewall6/manpages/shorewall6-mangle.xml @@ -1194,104 +1194,6 @@ Normal-Service => 0x00 of the listed states. - - - TIME - - timeelement[&timeelement...] - - - Added in Shorewall 4.6.2. - - May be used to limit the rule to a particular time period each - day, to particular days of the week or month, or to a range defined - by dates and times. Requires time match support in your kernel and - ip6tables. - - timeelement may be: - - - - timestart=hh:mm[:ss] - - - Defines the starting time of day. - - - - - timestop=hh:mm[:ss] - - - Defines the ending time of day. - - - - - utc - - - Times are expressed in Greenwich Mean Time. - - - - - localtz - - - Deprecated by the Netfilter team in favor of kerneltz. Times are expressed in Local - Civil Time (default). - - - - - kerneltz - - - Added in Shorewall 4.5.2. Times are expressed in Local - Kernel Time (requires iptables 1.4.12 or later). - - - - - weekdays=ddd[,ddd]... - - - where ddd is one of - , , - , , - , or - - - - - - monthdays=dd[,dd],... - - - where dd is an ordinal day of - the month - - - - - datestart=yyyy[-mm[-dd[hh[:mm[:ss]]]]] - - - Defines the starting date and time. - - - - - datestop=yyyy[-mm[-dd[hh[:mm[:ss]]]]] - - - Defines the ending date and time. - - - - - From 1165b2689cd24b2169245ed385248156458de0ef Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Fri, 27 Jun 2014 08:14:28 -0700 Subject: [PATCH 2/7] Revert "Revert "Add a TIME column to the mangle file"" This reverts commit 9c7fcd09fde5d9e8c8ab054df6d3314258c83fda. --- Shorewall/Perl/Shorewall/Tc.pm | 23 ++++-- Shorewall/manpages/shorewall-mangle.xml | 98 +++++++++++++++++++++++ Shorewall6/manpages/shorewall6-mangle.xml | 98 +++++++++++++++++++++++ 3 files changed, 211 insertions(+), 8 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Tc.pm b/Shorewall/Perl/Shorewall/Tc.pm index 5662ecb38..ebfe3933c 100644 --- a/Shorewall/Perl/Shorewall/Tc.pm +++ b/Shorewall/Perl/Shorewall/Tc.pm @@ -174,8 +174,8 @@ sub initialize( $ ) { # # Process a rule from the tcrules or mangle file # -sub process_mangle_rule1( $$$$$$$$$$$$$$$$$ ) { - our ( $file, $action, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $headers, $probability , $dscp , $state ) = @_; +sub process_mangle_rule1( $$$$$$$$$$$$$$$$$$ ) { + our ( $file, $action, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $headers, $probability , $dscp , $state, $time ) = @_; use constant { PREROUTING => 1, #Actually tcpre @@ -798,6 +798,7 @@ sub process_mangle_rule1( $$$$$$$$$$$$$$$$$ ) { do_probability( $probability ) . do_dscp( $dscp ) . state_match( $state ) . + do_time( $time ) . $raw_matches , $source , $dest , @@ -986,7 +987,9 @@ sub process_tc_rule1( $$$$$$$$$$$$$$$$ ) { $headers, $probability, $dscp, - $state ); + $state, + '-', + ); } } @@ -1046,9 +1049,9 @@ sub process_tc_rule( ) { } sub process_mangle_rule( ) { - my ( $originalmark, $source, $dest, $protos, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $headers, $probability , $dscp , $state ); + my ( $originalmark, $source, $dest, $protos, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $headers, $probability , $dscp , $state, $time ); if ( $family == F_IPV4 ) { - ( $originalmark, $source, $dest, $protos, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $probability, $dscp, $state ) = + ( $originalmark, $source, $dest, $protos, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $probability, $dscp, $state, $time ) = split_line2( 'tcrules file', { mark => 0, action => 0, @@ -1065,7 +1068,9 @@ sub process_mangle_rule( ) { helper => 11, probability => 12 , scp => 13, - state => 14 }, + state => 14, + time => 15, + }, {}, 15, 1 ); @@ -1089,14 +1094,16 @@ sub process_mangle_rule( ) { headers => 12, probability => 13, dscp => 14, - state => 15 }, + state => 15, + time => 16, + }, {}, 16, 1 ); } for my $proto (split_list( $protos, 'Protocol' ) ) { - process_mangle_rule1( 'Mangle', $originalmark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $headers, $probability , $dscp , $state ); + process_mangle_rule1( 'Mangle', $originalmark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $headers, $probability , $dscp , $state, $time ); } } diff --git a/Shorewall/manpages/shorewall-mangle.xml b/Shorewall/manpages/shorewall-mangle.xml index b4cd5ba13..c2bfed664 100644 --- a/Shorewall/manpages/shorewall-mangle.xml +++ b/Shorewall/manpages/shorewall-mangle.xml @@ -1109,6 +1109,104 @@ Normal-Service => 0x00 of the listed states. + + + TIME - + timeelement[&timeelement...] + + + Added in Shorewall 4.6.2. + + May be used to limit the rule to a particular time period each + day, to particular days of the week or month, or to a range defined + by dates and times. Requires time match support in your kernel and + ip6tables. + + timeelement may be: + + + + timestart=hh:mm[:ss] + + + Defines the starting time of day. + + + + + timestop=hh:mm[:ss] + + + Defines the ending time of day. + + + + + utc + + + Times are expressed in Greenwich Mean Time. + + + + + localtz + + + Deprecated by the Netfilter team in favor of kerneltz. Times are expressed in Local + Civil Time (default). + + + + + kerneltz + + + Added in Shorewall 4.5.2. Times are expressed in Local + Kernel Time (requires iptables 1.4.12 or later). + + + + + weekdays=ddd[,ddd]... + + + where ddd is one of + , , + , , + , or + + + + + + monthdays=dd[,dd],... + + + where dd is an ordinal day of + the month + + + + + datestart=yyyy[-mm[-dd[hh[:mm[:ss]]]]] + + + Defines the starting date and time. + + + + + datestop=yyyy[-mm[-dd[hh[:mm[:ss]]]]] + + + Defines the ending date and time. + + + + + diff --git a/Shorewall6/manpages/shorewall6-mangle.xml b/Shorewall6/manpages/shorewall6-mangle.xml index 9772d079f..b10c01936 100644 --- a/Shorewall6/manpages/shorewall6-mangle.xml +++ b/Shorewall6/manpages/shorewall6-mangle.xml @@ -1194,6 +1194,104 @@ Normal-Service => 0x00 of the listed states. + + + TIME - + timeelement[&timeelement...] + + + Added in Shorewall 4.6.2. + + May be used to limit the rule to a particular time period each + day, to particular days of the week or month, or to a range defined + by dates and times. Requires time match support in your kernel and + ip6tables. + + timeelement may be: + + + + timestart=hh:mm[:ss] + + + Defines the starting time of day. + + + + + timestop=hh:mm[:ss] + + + Defines the ending time of day. + + + + + utc + + + Times are expressed in Greenwich Mean Time. + + + + + localtz + + + Deprecated by the Netfilter team in favor of kerneltz. Times are expressed in Local + Civil Time (default). + + + + + kerneltz + + + Added in Shorewall 4.5.2. Times are expressed in Local + Kernel Time (requires iptables 1.4.12 or later). + + + + + weekdays=ddd[,ddd]... + + + where ddd is one of + , , + , , + , or + + + + + + monthdays=dd[,dd],... + + + where dd is an ordinal day of + the month + + + + + datestart=yyyy[-mm[-dd[hh[:mm[:ss]]]]] + + + Defines the starting date and time. + + + + + datestop=yyyy[-mm[-dd[hh[:mm[:ss]]]]] + + + Defines the ending date and time. + + + + + From 7fdc398a5e3d7eddb2ff37a6a5dc595f2ef9e07b Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Fri, 27 Jun 2014 08:23:04 -0700 Subject: [PATCH 3/7] Revert "Revert "Revert "Add a TIME column to the mangle file""" This reverts commit 1165b2689cd24b2169245ed385248156458de0ef. --- Shorewall/Perl/Shorewall/Tc.pm | 23 ++---- Shorewall/manpages/shorewall-mangle.xml | 98 ----------------------- Shorewall6/manpages/shorewall6-mangle.xml | 98 ----------------------- 3 files changed, 8 insertions(+), 211 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Tc.pm b/Shorewall/Perl/Shorewall/Tc.pm index ebfe3933c..5662ecb38 100644 --- a/Shorewall/Perl/Shorewall/Tc.pm +++ b/Shorewall/Perl/Shorewall/Tc.pm @@ -174,8 +174,8 @@ sub initialize( $ ) { # # Process a rule from the tcrules or mangle file # -sub process_mangle_rule1( $$$$$$$$$$$$$$$$$$ ) { - our ( $file, $action, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $headers, $probability , $dscp , $state, $time ) = @_; +sub process_mangle_rule1( $$$$$$$$$$$$$$$$$ ) { + our ( $file, $action, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $headers, $probability , $dscp , $state ) = @_; use constant { PREROUTING => 1, #Actually tcpre @@ -798,7 +798,6 @@ sub process_mangle_rule1( $$$$$$$$$$$$$$$$$$ ) { do_probability( $probability ) . do_dscp( $dscp ) . state_match( $state ) . - do_time( $time ) . $raw_matches , $source , $dest , @@ -987,9 +986,7 @@ sub process_tc_rule1( $$$$$$$$$$$$$$$$ ) { $headers, $probability, $dscp, - $state, - '-', - ); + $state ); } } @@ -1049,9 +1046,9 @@ sub process_tc_rule( ) { } sub process_mangle_rule( ) { - my ( $originalmark, $source, $dest, $protos, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $headers, $probability , $dscp , $state, $time ); + my ( $originalmark, $source, $dest, $protos, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $headers, $probability , $dscp , $state ); if ( $family == F_IPV4 ) { - ( $originalmark, $source, $dest, $protos, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $probability, $dscp, $state, $time ) = + ( $originalmark, $source, $dest, $protos, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $probability, $dscp, $state ) = split_line2( 'tcrules file', { mark => 0, action => 0, @@ -1068,9 +1065,7 @@ sub process_mangle_rule( ) { helper => 11, probability => 12 , scp => 13, - state => 14, - time => 15, - }, + state => 14 }, {}, 15, 1 ); @@ -1094,16 +1089,14 @@ sub process_mangle_rule( ) { headers => 12, probability => 13, dscp => 14, - state => 15, - time => 16, - }, + state => 15 }, {}, 16, 1 ); } for my $proto (split_list( $protos, 'Protocol' ) ) { - process_mangle_rule1( 'Mangle', $originalmark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $headers, $probability , $dscp , $state, $time ); + process_mangle_rule1( 'Mangle', $originalmark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $headers, $probability , $dscp , $state ); } } diff --git a/Shorewall/manpages/shorewall-mangle.xml b/Shorewall/manpages/shorewall-mangle.xml index c2bfed664..b4cd5ba13 100644 --- a/Shorewall/manpages/shorewall-mangle.xml +++ b/Shorewall/manpages/shorewall-mangle.xml @@ -1109,104 +1109,6 @@ Normal-Service => 0x00 of the listed states. - - - TIME - - timeelement[&timeelement...] - - - Added in Shorewall 4.6.2. - - May be used to limit the rule to a particular time period each - day, to particular days of the week or month, or to a range defined - by dates and times. Requires time match support in your kernel and - ip6tables. - - timeelement may be: - - - - timestart=hh:mm[:ss] - - - Defines the starting time of day. - - - - - timestop=hh:mm[:ss] - - - Defines the ending time of day. - - - - - utc - - - Times are expressed in Greenwich Mean Time. - - - - - localtz - - - Deprecated by the Netfilter team in favor of kerneltz. Times are expressed in Local - Civil Time (default). - - - - - kerneltz - - - Added in Shorewall 4.5.2. Times are expressed in Local - Kernel Time (requires iptables 1.4.12 or later). - - - - - weekdays=ddd[,ddd]... - - - where ddd is one of - , , - , , - , or - - - - - - monthdays=dd[,dd],... - - - where dd is an ordinal day of - the month - - - - - datestart=yyyy[-mm[-dd[hh[:mm[:ss]]]]] - - - Defines the starting date and time. - - - - - datestop=yyyy[-mm[-dd[hh[:mm[:ss]]]]] - - - Defines the ending date and time. - - - - - diff --git a/Shorewall6/manpages/shorewall6-mangle.xml b/Shorewall6/manpages/shorewall6-mangle.xml index b10c01936..9772d079f 100644 --- a/Shorewall6/manpages/shorewall6-mangle.xml +++ b/Shorewall6/manpages/shorewall6-mangle.xml @@ -1194,104 +1194,6 @@ Normal-Service => 0x00 of the listed states. - - - TIME - - timeelement[&timeelement...] - - - Added in Shorewall 4.6.2. - - May be used to limit the rule to a particular time period each - day, to particular days of the week or month, or to a range defined - by dates and times. Requires time match support in your kernel and - ip6tables. - - timeelement may be: - - - - timestart=hh:mm[:ss] - - - Defines the starting time of day. - - - - - timestop=hh:mm[:ss] - - - Defines the ending time of day. - - - - - utc - - - Times are expressed in Greenwich Mean Time. - - - - - localtz - - - Deprecated by the Netfilter team in favor of kerneltz. Times are expressed in Local - Civil Time (default). - - - - - kerneltz - - - Added in Shorewall 4.5.2. Times are expressed in Local - Kernel Time (requires iptables 1.4.12 or later). - - - - - weekdays=ddd[,ddd]... - - - where ddd is one of - , , - , , - , or - - - - - - monthdays=dd[,dd],... - - - where dd is an ordinal day of - the month - - - - - datestart=yyyy[-mm[-dd[hh[:mm[:ss]]]]] - - - Defines the starting date and time. - - - - - datestop=yyyy[-mm[-dd[hh[:mm[:ss]]]]] - - - Defines the ending date and time. - - - - - From 2ad81f1a813c5009e330962b3a413cc638019b1a Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Tue, 1 Jul 2014 06:52:58 -0700 Subject: [PATCH 4/7] =?UTF-8?q?Apply=20Thibaut=20Ch=C3=A8ze's=20patch=20fo?= =?UTF-8?q?r=20DSCP=20names?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Tc.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Shorewall/Perl/Shorewall/Tc.pm b/Shorewall/Perl/Shorewall/Tc.pm index 5662ecb38..2bdfc0b84 100644 --- a/Shorewall/Perl/Shorewall/Tc.pm +++ b/Shorewall/Perl/Shorewall/Tc.pm @@ -423,7 +423,7 @@ sub process_mangle_rule1( $$$$$$$$$$$$$$$$$ ) { function => sub () { require_capability 'DSCP_TARGET', 'The DSCP action', 's'; my $dscp = numeric_value( $params ); - $dscp = $dscpmap{$1} unless defined $dscp; + $dscp = $dscpmap{$params} unless defined $dscp; fatal_error( "Invalid DSCP ($params)" ) unless defined $dscp && $dscp <= 0x38 && ! ( $dscp & 1 ); $target = 'DSCP --set-dscp ' . in_hex( $dscp ); }, From cad8443e011f446bcf7687f347a998e7f1b94195 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Tue, 1 Jul 2014 06:54:54 -0700 Subject: [PATCH 5/7] Allow SAVE/RESTORE rules in the OUTPUT chain Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Tc.pm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Tc.pm b/Shorewall/Perl/Shorewall/Tc.pm index 2bdfc0b84..5ef655206 100644 --- a/Shorewall/Perl/Shorewall/Tc.pm +++ b/Shorewall/Perl/Shorewall/Tc.pm @@ -562,7 +562,7 @@ sub process_mangle_rule1( $$$$$$$$$$$$$$$$$ ) { RESTORE => { defaultchain => 0, - allowedchains => PREROUTING | FORWARD | POSTROUTING, + allowedchains => PREROUTING | FORWARD | OUTPUT | POSTROUTING, minparams => 0, maxparams => 1, function => sub () { @@ -591,7 +591,7 @@ sub process_mangle_rule1( $$$$$$$$$$$$$$$$$ ) { SAVE => { defaultchain => 0, - allowedchains => PREROUTING | FORWARD | POSTROUTING, + allowedchains => PREROUTING | FORWARD | OUTPUT | POSTROUTING, minparams => 0, maxparams => 1, function => sub () { From a8f6d2f43848f04448805d7f6bdfaf3287a4a44f Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Tue, 1 Jul 2014 06:52:58 -0700 Subject: [PATCH 6/7] =?UTF-8?q?Apply=20Thibaut=20Ch=C3=A8ze's=20patch=20fo?= =?UTF-8?q?r=20DSCP=20names?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Tc.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Shorewall/Perl/Shorewall/Tc.pm b/Shorewall/Perl/Shorewall/Tc.pm index 5662ecb38..2bdfc0b84 100644 --- a/Shorewall/Perl/Shorewall/Tc.pm +++ b/Shorewall/Perl/Shorewall/Tc.pm @@ -423,7 +423,7 @@ sub process_mangle_rule1( $$$$$$$$$$$$$$$$$ ) { function => sub () { require_capability 'DSCP_TARGET', 'The DSCP action', 's'; my $dscp = numeric_value( $params ); - $dscp = $dscpmap{$1} unless defined $dscp; + $dscp = $dscpmap{$params} unless defined $dscp; fatal_error( "Invalid DSCP ($params)" ) unless defined $dscp && $dscp <= 0x38 && ! ( $dscp & 1 ); $target = 'DSCP --set-dscp ' . in_hex( $dscp ); }, From 1a7cc9b86d53ae49adc08ad2b1a54a5705d2cc83 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Tue, 1 Jul 2014 06:54:54 -0700 Subject: [PATCH 7/7] Allow SAVE/RESTORE rules in the OUTPUT chain Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Tc.pm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Tc.pm b/Shorewall/Perl/Shorewall/Tc.pm index 2bdfc0b84..5ef655206 100644 --- a/Shorewall/Perl/Shorewall/Tc.pm +++ b/Shorewall/Perl/Shorewall/Tc.pm @@ -562,7 +562,7 @@ sub process_mangle_rule1( $$$$$$$$$$$$$$$$$ ) { RESTORE => { defaultchain => 0, - allowedchains => PREROUTING | FORWARD | POSTROUTING, + allowedchains => PREROUTING | FORWARD | OUTPUT | POSTROUTING, minparams => 0, maxparams => 1, function => sub () { @@ -591,7 +591,7 @@ sub process_mangle_rule1( $$$$$$$$$$$$$$$$$ ) { SAVE => { defaultchain => 0, - allowedchains => PREROUTING | FORWARD | POSTROUTING, + allowedchains => PREROUTING | FORWARD | OUTPUT | POSTROUTING, minparams => 0, maxparams => 1, function => sub () {