holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Correct clearing of marks in POSTROUTING so that IPMARK works in the FORWARD table

Browse Source
This commit is contained in:
Tom Eastep 2009-05-04 08:54:20 -07:00
parent b02dc1692f
commit 13d3f86e23
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
Shorewall/Perl/Shorewall/Tc.pm
View File

@ -1102,9 +1102,13 @@ sub setup_tc() {
}
if ( $config{HIGH_ROUTE_MARKS} ) {
for my $chain qw(INPUT FORWARD POSTROUTING) {
insert_rule1 $mangle_table->{$chain}, 0, $config{WIDE_TC_MARKS} ? '-j MARK --and-mark 0x3FFF' : '-j MARK --and-mark 0xFF';
for my $chain qw(INPUT FORWARD) {
insert_rule1 $mangle_table->{$chain}, 0, $config{WIDE_TC_MARKS} ? '-j MARK --and-mark 0xFFFF' : '-j MARK --and-mark 0xFF';
}
#
# In POSTROUTING, we only want to clear routing mark and not IPMARK.
#
insert_rule1 $mangle_table->{POSTROUTING}, 0, $config{WIDE_TC_MARKS} ? '-m mark --mark 0/0xFFFF -j MARK --and-mark 0' : '-m mark --mark 0/0xFF -j MARK --and-mark 0';
}
}