Update example in the providers file

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2737 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall/firewall

@@ -150,7 +150,9 @@ append_file() # $1 = File Name
 # Run iptables and if an error occurs, stop the firewall and quit
 #
 run_iptables() {
-
+    #
+    # Purge the temporary files that we use to prevent duplicate '-m' specifications
+    #
     [ -n "$BRIDGING" ]      && [ -f $TMP_DIR/physdev ] && rm -f $TMP_DIR/physdev
     [ -n "$IPRANGE_MATCH" ] && [ -f $TMP_DIR/iprange ] && rm -f $TMP_DIR/iprange
 
@@ -183,7 +185,9 @@ run_iptables2() {
 # Quietly run iptables
 #
 qt_iptables() {
-
+    #
+    # Purge the temporary files that we use to prevent duplicate '-m' specifications
+    #
     [ -n "$BRIDGING" ]      && [ -f $TMP_DIR/physdev ] && rm -f $TMP_DIR/physdev
     [ -n "$IPRANGE_MATCH" ] && [ -f $TMP_DIR/iprange ] && rm -f $TMP_DIR/iprange
 
@@ -1304,13 +1308,15 @@ setup_providers()
 	    ensure_and_save_command "[ -n \"\$NOROUTES\" ] || ip route add default via $gateway dev $interface table $number"
 	fi
 
-	verify_mark $mark
+	if [ x${mark} != x- ]; then
+	    verify_mark $mark
 
-	eval ${table}_mark=$mark
+	    eval ${table}_mark=$mark
 
-	if [ $COMMAND != check ]; then
-	    run_and_save_command "[ -n \"\$NOROUTES\" ] || qt ip rule del fwmark $mark"
-	    ensure_and_save_command "[ -n \"\$NOROUTES\" ] || ip rule add fwmark $mark pref $((10000 + $mark)) table $number"
+	    if [ $COMMAND != check ]; then
+		run_and_save_command "[ -n \"\$NOROUTES\" ] || qt ip rule del fwmark $mark"
+		ensure_and_save_command "[ -n \"\$NOROUTES\" ] || ip rule add fwmark $mark pref $((10000 + $mark)) table $number"
+	    fi
 	fi
 
 	loose=
@@ -1323,6 +1329,7 @@ setup_providers()
 		    list_search $interface $ROUTEMARK_INTERFACES && \
 			fatal_error "Interface $interface is tracked through an earlier provider"
 		    iface=$(chain_base $interface)
+		    [ x${mark} = x- ] && fatal_error "The 'track' option requires a numeric value in the MARK column - Provider \"$provider\""
 		    eval ${iface}_routemark=$mark
 		    ROUTEMARK_INTERFACES="$ROUTEMARK_INTERFACES $interface"
 		    ;;
@@ -1347,7 +1354,7 @@ setup_providers()
 	    find_interface_addresses $interface | while read address; do
 		run_and_save_command "[ -n \"\$NOROUTES\" ] || qt ip rule del from $address"
 		if [ -z "$loose" ]; then
-		    pref=$((20000 + $rulenum * 1000 + $mark ))
+		    pref=$((20000 + $rulenum * 1000 + $number ))
 		    rulenum=$(($rulenum + 1))
 		    ensure_and_save_command "[ -n \"\$NOROUTES\" ] || ip rule add from $address pref $pref table $number"
 		fi
@@ -5981,7 +5988,7 @@ process_rules()
 	    for yservers in $xservers; do
 		ysourcezone=${yclients%%:*}
 		ydestzone=${yservers%%:*}
-		if [ "$2" = Yes -o "${ysourcezone}" != "${ydestzone}" ] ; then
+		if [ "${ysourcezone}" != "${ydestzone}" -o "$2" = Yes ] ; then
 		    eval ypolicy=\$${ysourcezone}2${ydestzone}_policy
 		    if [ "$ypolicy" != NONE ] ; then
 			if [ "$1" = Yes ]; then

Shorewall/providers

@@ -75,9 +75,11 @@
 #      eth1 connects to ISP 2. The IP address of eth1 is 130.252.99.27 and the
 #      ISP's gateway router has IP address 130.252.99.254.
 #
-#      #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY	     OPTIONS	  COPY
-#      ISP1  1	    1	 main	   eth0	     206.124.146.254 track,balance
-#      ISP2  2	    2	 main	   eth1	     130.252.99.254  track,balance
+#      eth2 connects to a local network.
+#
+#      #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY	     OPTIONS	        COPY
+#      ISP1  1	    1	 main	   eth0	     206.124.146.254 track,balance      eth2
+#      ISP2  2	    2	 main	   eth1	     130.252.99.254  track,balance      eth2
 #
 # For additional information, see
 # http://shorewall.net/Shorewall_and_Routing.html