Require MARK_IN_FORWARD_CHAIN=Yes for multi-ISP

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2792 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall/firewall

@@ -1265,7 +1265,7 @@ setup_providers()
 	    tcfor)
 		;;
 	    *)
-		error_message "WARNING: MARK_IN_FORWARD_CHAIN=No is incompatible with multiple providers"
+		fatal_error "MARK_IN_FORWARD_CHAIN=No is incompatible with multiple providers"
 		;;
 	esac
 

Shorewall/releasenotes.txt

@@ -35,7 +35,9 @@ New Features in 2.5.7:
    must have restarted Shorewall using this release before this feature
    will work correctly.
 
-5) The multi-ISP code
+5) The multi-ISP code now requires that that you set MARK_IN_FORWARD_CHAIN=Yes
+   in shorewall.conf. This is done to ensure that "shorewall refresh" will
+   work correctly.
 
 Migration Considerations:
 
@@ -234,6 +236,10 @@ Migration Considerations:
     Note that the rule is added at the front of the NEW section of the
     rules file.
 
+12) Beginning with this release, if you have entries in the
+    /etc/shorewall/providers then you must set MARK_IN_FORWARD_CHAIN=Yes in
+    shorewall.conf.
+
 New Features in Shorewall 2.5.*
 
 1) Error and warning messages are made easier to spot by using

Shorewall/shorewall.conf

@@ -437,6 +437,10 @@ CLEAR_TC=Yes
 # Note: Older kernels do not support marking packets in the FORWARD chain and
 #	setting this variable to Yes may cause startup problems.
 #
+# Note: If you connect to the internet through more than one ISP and thus have
+#       entries in /etc/shorewall/providers then you must set
+#       MARK_IN_FORWARD_CHAIN=Yes.
+#
 
 MARK_IN_FORWARD_CHAIN=No