From cc2ae454a031c4c36492ff4c99025fefbef732d0 Mon Sep 17 00:00:00 2001 From: Tuomo Soini Date: Mon, 15 Feb 2016 09:54:16 +0200 Subject: [PATCH] IPP2P: update mangle headers Signed-off-by: Tuomo Soini --- docs/IPP2P.xml | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/docs/IPP2P.xml b/docs/IPP2P.xml index a271c241e..61723543a 100644 --- a/docs/IPP2P.xml +++ b/docs/IPP2P.xml @@ -194,14 +194,14 @@ tcp 6 269712 ESTABLISHED src=192.168.3.8 dst=206.124.146.177 sport=50584 dp These are implemented in the /etc/shorewall/tcrules and /etc/shorewall/mangle files as follows: - #ACTION SOURCE DEST PROTO PORT(S) CLIENT USER TEST -# PORT(S) -RESTORE:P - - tcp -CONTINUE:P - - tcp - - - !0 -1:P - - ipp2p ipp2p -SAVE:P - - tcp - - - 1 -1:12 - eth0 - - - - 1 -2:12 - eth1 - - - - 1 + #ACTION SOURCE DEST PROTO DPORT SPORT USER TEST + +RESTORE:P - - tcp +CONTINUE:P - - tcp - - - !0 +1:P - - ipp2p ipp2p +SAVE:P - - tcp - - - 1 +1:12 - eth0 - - - - 1 +2:12 - eth1 - - - - 1 These rules do exactly the same thing as their counterparts described above. @@ -209,14 +209,14 @@ SAVE:P - - tcp - - One change that I recommend --do your marking in the FORWARD chain rather than in the PREROUTING chain: - #MARK SOURCE DEST PROTO PORT(S) CLIENT USER TEST -# PORT(S) -RESTORE:F - - tcp -CONTINUE:F - - tcp - - - !0 -1:F - - ipp2p ipp2p -SAVE:F - - tcp - - - 1 -1:12 - eth0 - - - - 1 -2:12 - eth1 - - - - 1 + #ACTION SOURCE DEST PROTO DPORT SPORT USER TEST + +RESTORE:F - - tcp +CONTINUE:F - - tcp - - - !0 +1:F - - ipp2p ipp2p +SAVE:F - - tcp - - - 1 +1:12 - eth0 - - - - 1 +2:12 - eth1 - - - - 1 It will work the same and will work with a Multi-ISP setup.