holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Exit the tcpost chain if a connection mark is restored

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2012-05-14 10:35:42 -07:00
parent 9f1c920a39
commit 926e589414
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Shorewall/Perl/Shorewall/Tc.pm
View File

@ -1635,6 +1635,12 @@ sub process_tcpri() {
mark => '--mark 0/' . in_hex( $globals{TC_MASK} )
);
insert_irule( $mangle_table->{tcpost} ,
j => 'RETURN',
1 ,
mark => '! --mark 0/' . in_hex( $globals{TC_MASK} ) ,
);
add_ijump( $mangle_table->{tcpost} ,
j => 'CONNMARK --save-mark --ctmask ' . in_hex( $globals{TC_MASK} ),
mark => '! --mark 0/' . in_hex( $globals{TC_MASK} )