forked from extern/shorewall_code
Add an ECN action to shorewall-mangle(8)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep
parent
f265596613
commit
6c88eb6916
@ -499,6 +499,25 @@ sub process_mangle_rule1( $$$$$$$$$$$$$$$$$ ) {
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
||||||
|
ECN => {
|
||||||
|
defaultchain => POSTROUTING,
|
||||||
|
allowedchains => PREROUTING | FORWARD | OUTPUT | INPUT | POSTROUTING,
|
||||||
|
minparams => 0,
|
||||||
|
maxparams => 0,
|
||||||
|
function => sub() {
|
||||||
|
fatal_error "The ECN target is only available with IPv4" if $family == F_IPV6;
|
||||||
|
|
||||||
|
if ( $proto eq '-' ) {
|
||||||
|
$proto = TCP;
|
||||||
|
} else {
|
||||||
|
$proto = resolve_proto( $proto ) || 0;
|
||||||
|
fatal_error "Only PROTO tcp (6) is allowed with the ECN action" unless $proto == TCP;
|
||||||
|
}
|
||||||
|
|
||||||
|
$target = 'ECN --ecn-tcp-remove';
|
||||||
|
}
|
||||||
|
},
|
||||||
|
|
||||||
HL => {
|
HL => {
|
||||||
defaultchain => FORWARD,
|
defaultchain => FORWARD,
|
||||||
allowedchains => PREROUTING | FORWARD,
|
allowedchains => PREROUTING | FORWARD,
|
||||||
|
|||||||
@ -339,6 +339,18 @@ DIVERTHA - - tcp</programlisting>
|
|||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><emphasis role="bold">ECN</emphasis></term>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Added in Shorewall 5.0.6 as an alternative to entries in
|
||||||
|
<ulink url="shorewall-ecn.html">shorewall-ecn(5)</ulink>. If a
|
||||||
|
PROTO is specified, it must be 'tcp' (6). If no PROTO is
|
||||||
|
supplied, TCP is assumed. This action causes all ECN bits in
|
||||||
|
the TCP header to be cleared.</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><emphasis
|
<term><emphasis
|
||||||
role="bold">IMQ</emphasis>(<replaceable>number</replaceable>)</term>
|
role="bold">IMQ</emphasis>(<replaceable>number</replaceable>)</term>
|
||||||
|
|||||||
@ -118,6 +118,10 @@
|
|||||||
</tgroup>
|
</tgroup>
|
||||||
</table></para>
|
</table></para>
|
||||||
</example>
|
</example>
|
||||||
|
|
||||||
|
<para>Beginning with Shorewall 5.0.6, you may also specify clearing of the
|
||||||
|
ECN flags through use of the ECN action in <ulink
|
||||||
|
url="manpages/shorewall-ecn.html">shorewall-mangle(8)</ulink>.</para>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<lot/>
|
<lot/>
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user