Work around lack of MARK Target support

Shorewall/Perl/Shorewall/Tc.pm

@@ -1408,7 +1408,7 @@ sub setup_tc() {
 	add_jump $mangle_table->{OUTPUT} ,     'tcout', 0, $mark_part;
 
 	if ( have_capability( 'MANGLE_FORWARD' ) ) {
-	    add_rule( $mangle_table->{FORWARD},     '-j MARK --set-mark 0' );
+	    add_rule( $mangle_table->{FORWARD},     '-j MARK --set-mark 0' ) if have_capability 'MARK';
 	    add_jump $mangle_table->{FORWARD} ,     'tcfor',  0;
 	    add_jump $mangle_table->{POSTROUTING} , 'tcpost', 0;
 	}

Shorewall/changelog.txt

@@ -12,6 +12,8 @@ Changes in Shorewall 4.4.7
 
 6)  Avoid excessive module loading with LOAD_HELPERS_ONLY=Yes
 
+7)  Fix case where MARK target is unavailable.
+
 Changes in Shorewall 4.4.6
 
 1)  Fix for rp_filter and kernel 2.6.31.

Shorewall/releasenotes.txt

@@ -191,6 +191,14 @@ Shorewall 4.4.7 RC 1
     As part of this fix, both hex and octal numbers are now accepted
     for protocol and port numbers.
 
+3)  In 4.4.6, if a system:
+
+    a) Had mangle table support.
+    b) Had a FORWARD chain in the mangle table.
+    c) Did not have MARK Target support.
+
+    then 'shorewall start' would fail.
+
 ----------------------------------------------------------------------------
              K N O W N   P R O B L E M S   R E M A I N I N G
 ----------------------------------------------------------------------------