Require MARK_IN_FORWARD_CHAIN=Yes for multi-ISP

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2792 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-10-04 17:40:09 +00:00 · 2005-10-04 17:40:09 +00:00 · 340053a6bc
commit 340053a6bc
parent 1b42f18f5f
3 changed files with 12 additions and 2 deletions
--- a/Shorewall/firewall
+++ b/Shorewall/firewall
@ -1265,7 +1265,7 @@ setup_providers()
 	    tcfor)
 		;;
 	    *)
-		error_message "WARNING: MARK_IN_FORWARD_CHAIN=No is incompatible with multiple providers"
+		fatal_error "MARK_IN_FORWARD_CHAIN=No is incompatible with multiple providers"
 		;;
 	esac

--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -35,7 +35,9 @@ New Features in 2.5.7:
   must have restarted Shorewall using this release before this feature
   will work correctly.

-5) The multi-ISP code
+5) The multi-ISP code now requires that that you set MARK_IN_FORWARD_CHAIN=Yes
+   in shorewall.conf. This is done to ensure that "shorewall refresh" will
+   work correctly.

 Migration Considerations:

@ -234,6 +236,10 @@ Migration Considerations:
    Note that the rule is added at the front of the NEW section of the
    rules file.

+12) Beginning with this release, if you have entries in the
+    /etc/shorewall/providers then you must set MARK_IN_FORWARD_CHAIN=Yes in
+    shorewall.conf.
+
 New Features in Shorewall 2.5.*

 1) Error and warning messages are made easier to spot by using
--- a/Shorewall/shorewall.conf
+++ b/Shorewall/shorewall.conf
@ -437,6 +437,10 @@ CLEAR_TC=Yes
 # Note: Older kernels do not support marking packets in the FORWARD chain and
 #	setting this variable to Yes may cause startup problems.
 #
+# Note: If you connect to the internet through more than one ISP and thus have
+#       entries in /etc/shorewall/providers then you must set
+#       MARK_IN_FORWARD_CHAIN=Yes.
+#

 MARK_IN_FORWARD_CHAIN=No