From 25d433b36f442aa99562b9138c6f0b7546aa9845 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Thu, 14 Jan 2010 08:36:22 -0800 Subject: [PATCH] Update TRACK_PROVIDER description in the man pages. Signed-off-by: Tom Eastep --- manpages/shorewall.conf.xml | 20 ++++++++++---------- manpages6/shorewall6.conf.xml | 22 ++++++++++++---------- 2 files changed, 22 insertions(+), 20 deletions(-) diff --git a/manpages/shorewall.conf.xml b/manpages/shorewall.conf.xml index 104a53fd5..ddda6fdda 100644 --- a/manpages/shorewall.conf.xml +++ b/manpages/shorewall.conf.xml 
@@ -1521,16 +1521,16 @@ net all DROP infothen the chain name is 'net2all' Previously, when TC_EXPERT=No, packets arriving through 'tracked' provider interfaces were unconditionally passed to the PREROUTING tcrules. This was done so that tcrules could reset the packet mark - to zero so that the packet would be routed using the 'main' routing - table. Using the main table allowed dynamic routes (such as those - added for VPNs) to be effective. The route_rules file was created to - provide a better alternative to clearing the packet mark. As a - consequence, passing these packets to PREROUTING complicates things - without providing any real benefit. Beginning with Shorewall 4.4.6, - when TRACK_PROVIDERS=Yes and TC_EXPERT=No, packets arriving through - 'tracked' interfaces will not be passed to the PREROUTING rules. - Since TRACK_PROVIDERS was just introduced in 4.4.3, this change - should be transparent to most, if not all, users. + to zero, thus allowing the packet to be routed using the 'main' + routing table. Using the main table allowed dynamic routes (such as + those added for VPNs) to be effective. The route_rules file was + created to provide a better alternative to clearing the packet mark. + As a consequence, passing these packets to PREROUTING complicates + things without providing any real benefit. Beginning with Shorewall + 4.4.6, when TRACK_PROVIDERS=Yes and TC_EXPERT=No, packets arriving + through 'tracked' interfaces will not be passed to the PREROUTING + rules. Since TRACK_PROVIDERS was just introduced in 4.4.3, this + change should be transparent to most, if not all, users. diff --git a/manpages6/shorewall6.conf.xml b/manpages6/shorewall6.conf.xml index 3754f4bb2..f4f5ac6bd 100644 --- a/manpages6/shorewall6.conf.xml +++ b/manpages6/shorewall6.conf.xml 
@@ -1307,16 +1307,18 @@ net all DROP infothen the chain name is 'net2all' Previously, when TC_EXPERT=No, packets arriving through 'tracked' provider interfaces were unconditionally passed to the PREROUTING tcrules. This was done so that tcrules could reset the packet mark - to zero so that the packet would be routed using the 'main' routing - table. Using the main table allowed dynamic routes (such as those - added for VPNs) to be effective. The route_rules file was created to - provide a better alternative to clearing the packet mark. As a - consequence, passing these packets to PREROUTING complicates things - without providing any real benefit. Beginning with Shorewall 4.4.6, - when TRACK_PROVIDERS=Yes and TC_EXPERT=No, packets arriving through - 'tracked' interfaces will not be passed to the PREROUTING rules. - Since TRACK_PROVIDERS was just introduced in 4.4.3, this change - should be transparent to most, if not all, users. + to zero, thus allowing the packet to be routed using the 'main' + routing table. Using the main table allowed dynamic routes (such as + those added for VPNs) to be effective. The shorewall6-route_rules(5) + file was created to provide a better alternative to clearing the + packet mark. As a consequence, passing these packets to PREROUTING + complicates things without providing any real benefit. Beginning + with Shorewall 4.4.6, when TRACK_PROVIDERS=Yes and TC_EXPERT=No, + packets arriving through 'tracked' interfaces will not be passed to + the PREROUTING rules. Since TRACK_PROVIDERS was just introduced in + 4.4.3, this change should be transparent to most, if not all, + users.
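Review bot: in the manpages/shorewall.conf.xml hunk, the added text still reads "The route_rules file was created to provide a better alternative", while the same sentence in the manpages6/shorewall6.conf.xml hunk now names the man page as "shorewall6-route_rules(5)". Consider giving the IPv4 page the matching man page reference so the two descriptions stay parallel and a reader of shorewall.conf can find the documentation for the file that replaces mark clearing.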
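Review bot: in the manpages6/shorewall6.conf.xml hunk, the terminology shifts within the paragraph: the unchanged opening says packets were passed to "the PREROUTING tcrules", but the added lines end with "will not be passed to the PREROUTING rules". Suggest writing "PREROUTING tcrules" in the added sentence too, so an administrator does not read the 4.4.6 behaviour with TRACK_PROVIDERS=Yes and TC_EXPERT=No as packets from tracked interfaces skipping some other set of rules. The same wording appears in the shorewall.conf.xml hunk and would benefit from the same fix.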