Add CLEAR_TC option

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@392 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2002-12-31 16:04:31 +00:00
parent 9ebd6ceaae
commit b1fb6bd72c
3 changed files with 28 additions and 20 deletions


@ -4,5 +4,5 @@ Changes since 1.3.12
2. Print policies in 'check' command. 2. Print policies in 'check' command.
3. Result 255 from /etc/shorewall/tcclear inhibits clearing tc rules. 3. Added CLEAR_TC option.


@ -1257,7 +1257,7 @@ stop_firewall() {
[ -n "$NAT_ENABLED" ] && delete_nat [ -n "$NAT_ENABLED" ] && delete_nat
delete_proxy_arp delete_proxy_arp
[ -n "$TC_ENABLED" ] && delete_tc [ -n "$CLEAR_TC" ] && delete_tc
setpolicy INPUT DROP setpolicy INPUT DROP
setpolicy OUTPUT DROP setpolicy OUTPUT DROP
@ -1843,7 +1843,6 @@ setup_tc() {
# #
delete_tc() delete_tc()
{ {
local result
clear_one_tc() { clear_one_tc() {
tc qdisc del dev $1 root 2> /dev/null tc qdisc del dev $1 root 2> /dev/null
@ -1851,19 +1850,17 @@ delete_tc()
} }
run_user_exit tcclear run_user_exit tcclear
result=$?
if [ $result -ne 255 ]; then run_ip link list | \
run_ip link list | while read inx interface details; do while read inx interface details; do
case $inx in case $inx in
[0-9]*) [0-9]*)
clear_one_tc ${interface%:} clear_one_tc ${interface%:}
;; ;;
*) *)
;; ;;
esac esac
done done
fi
} }
# #
@ -1873,7 +1870,7 @@ refresh_tc() {
echo "Refreshing Traffic Control Rules..." echo "Refreshing Traffic Control Rules..."
delete_tc [ -n "$CLEAR_TC" ] && delete_tc
[ -n "$MARK_IN_FORWARD_CHAIN" ] && chain=tcfor || chain=tcpre [ -n "$MARK_IN_FORWARD_CHAIN" ] && chain=tcfor || chain=tcpre
@ -3267,7 +3264,7 @@ initialize_netfilter () {
run_iptables -t mangle -F && \ run_iptables -t mangle -F && \
run_iptables -t mangle -X run_iptables -t mangle -X
[ -n "$TC_ENABLED" ] && delete_tc [ -n "$CLEAR_TC" ] && delete_tc
run_user_exit init run_user_exit init
@ -4578,7 +4575,11 @@ do_initialize() {
[ -z "$RFC1918_LOG_LEVEL" ] && RFC1918_LOG_LEVEL=info [ -z "$RFC1918_LOG_LEVEL" ] && RFC1918_LOG_LEVEL=info
MARK_IN_FORWARD_CHAIN=`added_param_value_no MARK_IN_FORWARD_CHAIN $MARK_IN_FORWARD_CHAIN` MARK_IN_FORWARD_CHAIN=`added_param_value_no MARK_IN_FORWARD_CHAIN $MARK_IN_FORWARD_CHAIN`
[ -n "$MARK_IN_FORWARD_CHAIN" ] && marking_chain=tcfor || marking_chain=tcpre [ -n "$MARK_IN_FORWARD_CHAIN" ] && marking_chain=tcfor || marking_chain=tcpre
if [ -n "$TC_ENABLED" ]; then
CLEAR_TC=`added_param_value_yes CLEAR_TC $CLEAR_TC`
else
CLEAR_TC=
fi
} }
# #
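Review bot: With CLEAR_TC=No the new guards skip delete_tc in stop_firewall and refresh_tc as well as in initialize_netfilter, while the release note in this commit describes the option as affecting only [re]start. After a stop the policies are set to DROP but the existing qdiscs stay installed, and refresh_tc carries on past the skipped delete_tc (its body continues outside the hunk, so what it then does to the already-installed rules is inferred, not visible). If that scope is intended, I would state it next to the new block in do_initialize, e.g. `# CLEAR_TC is honoured only when TC_ENABLED is set; it gates delete_tc in stop_firewall, refresh_tc and initialize_netfilter`. The same section drops the exit-status-255 check in delete_tc, so a tcclear script that relied on it no longer prevents clearing once delete_tc runs; that deserves a line for people upgrading.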


@ -33,5 +33,12 @@ New features include:
2) The 'shorewall check' command now prints out the applicable policy 2) The 'shorewall check' command now prints out the applicable policy
between each pair of zones. between each pair of zones.
3. An exit status of 255 from /etc/shorewall/tcclear will prevent 3. A new CLEAR_TC option has been added to shorewall.conf. If this
Shorewall from clearing the QOS configuration. option is set to 'No' then Shorewall won't clear the current
traffic control rules during [re]start. This setting is intended
for use by people that prefer to configure traffic shaping when
the network interfaces come up rather than when the firewall
is started. By setting TC_ENABLED=Yes and CLEAR_TC=No and by
not supplying an /etc/shorewall/tcstart file, your traffic
shaping rules can still use the 'fw' classifier based on packet
marking defined in /etc/shorewall/tcrules.