Flush all mangle chains in refresh

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2788 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall/changelog.txt

@@ -16,6 +16,8 @@ Changes in 2.5.7
 
 8) Give better diagnostics when IPP2P match isn't available.
 
+9) Do not touch mangle chain during "refresh".
+
 Changes in 2.5.6
 
 1) Finish install/fallback cleanup.

Shorewall/firewall

@@ -1261,6 +1261,14 @@ setup_providers()
     add_a_provider() {
 	local t n iface option
 
+	case $MARKING_CHAIN in
+	    tcfor)
+		;;
+	    *)
+		error_message "WARNING: MARK_IN_FORWARD_CHAIN=No is incompatible with multiple providers"
+		;;
+	esac
+
 	for t in $PROVIDERS; do
 	    if [ "$t" = "$table" ]; then
 		fatal_error "Duplicate Provider: $table, provider: \"$provider\""
@@ -3817,8 +3825,9 @@ refresh_tc() {
         # Flush the TC mangle chains
         #
 	run_iptables -t mangle -F $chain
-
+	[ -n "$MARK_IN_FORWARD_CHAIN" ] && run_iptables -t mangle -F tcpre
         run_iptables -t mangle -F tcout
+        run_iptables -t mangle -F tcpost
         #
         # Process the TC Rules File
         #

Shorewall/releasenotes.txt

@@ -15,6 +15,8 @@ Problems Corrected in 2.5.7:
    error on "shorewall start". This is a bug in the ipp2p code but I
    have included a workaround in Shorewall.
 
+4) Fix "shorwall flush" vs mangle table.
+
 New Features in 2.5.7:
 
 1) The output of "shorewall dump" now includes a capabilities report
@@ -33,6 +35,8 @@ New Features in 2.5.7:
    must have restarted Shorewall using this release before this feature
    will work correctly.
 
+5) The multi-ISP code
+
 Migration Considerations:
 
 1) The "monitor" command has been eliminated.