Add CLEAR_TC option

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@392 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2002-12-31 16:04:31 +00:00
parent 9ebd6ceaae
commit b1fb6bd72c
3 changed files with 28 additions and 20 deletions


@ -4,5 +4,5 @@ Changes since 1.3.12
2. Print policies in 'check' command.
3. Result 255 from /etc/shorewall/tcclear inhibits clearing tc rules.
3. Added CLEAR_TC option.


@ -1257,7 +1257,7 @@ stop_firewall() {
[ -n "$NAT_ENABLED" ] && delete_nat
delete_proxy_arp
[ -n "$TC_ENABLED" ] && delete_tc
[ -n "$CLEAR_TC" ] && delete_tc
setpolicy INPUT DROP
setpolicy OUTPUT DROP
@ -1843,7 +1843,6 @@ setup_tc() {
#
delete_tc()
{
local result
clear_one_tc() {
tc qdisc del dev $1 root 2> /dev/null
@ -1851,10 +1850,9 @@ delete_tc()
}
run_user_exit tcclear
result=$?
if [ $result -ne 255 ]; then
run_ip link list | while read inx interface details; do
run_ip link list | \
while read inx interface details; do
case $inx in
[0-9]*)
clear_one_tc ${interface%:}
@ -1863,7 +1861,6 @@ delete_tc()
;;
esac
done
fi
}
#
@ -1873,7 +1870,7 @@ refresh_tc() {
echo "Refreshing Traffic Control Rules..."
delete_tc
[ -n "$CLEAR_TC" ] && delete_tc
[ -n "$MARK_IN_FORWARD_CHAIN" ] && chain=tcfor || chain=tcpre
@ -3267,7 +3264,7 @@ initialize_netfilter () {
run_iptables -t mangle -F && \
run_iptables -t mangle -X
[ -n "$TC_ENABLED" ] && delete_tc
[ -n "$CLEAR_TC" ] && delete_tc
run_user_exit init
@ -4578,7 +4575,11 @@ do_initialize() {
[ -z "$RFC1918_LOG_LEVEL" ] && RFC1918_LOG_LEVEL=info
MARK_IN_FORWARD_CHAIN=`added_param_value_no MARK_IN_FORWARD_CHAIN $MARK_IN_FORWARD_CHAIN`
[ -n "$MARK_IN_FORWARD_CHAIN" ] && marking_chain=tcfor || marking_chain=tcpre
if [ -n "$TC_ENABLED" ]; then
CLEAR_TC=`added_param_value_yes CLEAR_TC $CLEAR_TC`
else
CLEAR_TC=
fi
}
#
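Review bot: The new CLEAR_TC gate covers more paths than the release note's "[re]start" wording suggests: besides `initialize_netfilter` it now guards `delete_tc` in `stop_firewall`, and in `refresh_tc` it replaces a call that used to be unconditional. With CLEAR_TC=No, or with TC_ENABLED unset (since `do_initialize` then forces CLEAR_TC empty), a stop or refresh leaves the existing qdiscs in place. `refresh_tc` presumably goes on to rebuild its rules on top of them, but its body continues outside the hunk, so that needs checking against the full function. If this scope is intended, state it where the variable is set, for example `# CLEAR_TC empty => delete_tc is skipped on stop, refresh and [re]start; only honoured when TC_ENABLED is set`.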


@ -33,5 +33,12 @@ New features include:
2) The 'shorewall check' command now prints out the applicable policy
between each pair of zones.
3. An exit status of 255 from /etc/shorewall/tcclear will prevent
Shorewall from clearing the QOS configuration.
3. A new CLEAR_TC option has been added to shorewall.conf. If this
option is set to 'No' then Shorewall won't clear the current
traffic control rules during [re]start. This setting is intended
for use by people that prefer to configure traffic shaping when
the network interfaces come up rather than when the firewall
is started. By setting TC_ENABLED=Yes and CLEAR_TC=No and by
not supplying an /etc/shorewall/tcstart file, your traffic
shaping rules can still use the 'fw' classifier based on packet
marking defined in /etc/shorewall/tcrules.