Reverse 'tracked' tweak

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@7833 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall-common/releasenotes.txt

@@ -48,7 +48,7 @@ Other changes in Shorewall 4.1.2.
 
 1)  Shorewall 4.1.2 contains enhanced operational logging capabilities
     through a set of related enhancements to Shorewall-common and
-    Shorewall-shell. The enhancements are not supported by
+    Shorewall-perl. The enhancements are not supported by
     Shorewall-shell nor are they supported by Shorewall-lite except
     when the script is compiled using Shorewall-perl.
 
@@ -131,21 +131,12 @@ Other changes in Shorewall 4.1.2.
     there. Packet marking rules for traffic shaping of packets
     originating on the firewall must be coded in the POSTROUTING table.
 
-3)  The behavior of the 'track' provider has been changed subtly when
+3)  Previously, Shorewall did not range-check the value of the
-    TC_EXPERT=No.
+    VERBOSITY option in shorewall.conf. Beginnins with Shorewall 4.1.2:
 
-    Previously, traffic entering from a tracked interface was subjected
+    a) A VERBOSITY setting outside the range -1 through 2 is rejected.
-    to PREROUTING marking. This was to allow the PREROUTING rules to
+    b) After the -v and -q options are applied, the resulting value is
-    clear the packet mark, thus causing the packet to be routed using
+       adjusted to fall within the range -1 through 2.
-    the 'main' table (table 254). 
-
-    Beginning with Shorewall 4.1.2, when a packet enters on a tracked
-    interface, the packet mark will be cleared unconditionally and the
-    packet will be routed based on the main table.
-
-    This change should be transparent to most users. Users who use
-    PREROUTING marks to route between two tracked interface are advised
-    to switch to TC_EXPORT=Yes.
 
 Migration Issues.
 
@@ -155,21 +146,12 @@ Migration Issues.
     there. Packet marking rules for traffic shaping of packets
     originating on the firewall must be coded in the POSTROUTING table.
 
-2)  The behavior of the 'track' provider has been changed subtly when
+2)  Previously, Shorewall did not range-check the value of the
-    TC_EXPERT=No.
+    VERBOSITY option in shorewall.conf. Beginning with Shorewall 4.1:
 
-    Previously, traffic entering from a tracked interface was subjected
+    a) A VERBOSITY setting outside the range -1 through 2 is rejected.
-    to PREROUTING marking. This was to allow the PREROUTING rules to
+    b) After the -v and -q options are applied, the resulting value is
-    clear the packet mark, thus causing the packet to be routed using
+       adjusted to fall within the range -1 through 2.
-    the 'main' table (table 254). 
-
-    Beginning with Shorewall 4.1.2, when a packet enters on a tracked
-    interface, the packet mark will be cleared unconditionally and the
-    packet will be routed based on the main table.
-
-    This change should be transparent to most users. Users who use
-    PREROUTING marks to route between two tracked interface are advised
-    to switch to TC_EXPORT=Yes.
 
 New Features in Shorewall 4.1.
 

Shorewall-perl/Shorewall/Tc.pm

@@ -552,10 +552,10 @@ sub setup_tc() {
 	my $mark_part = '';
 
 	if ( @routemarked_interfaces && ! $config{TC_EXPERT} ) {
-	    $mark_part = $config{HIGH_ROUTE_MARKS} ? '-m connmark --mark 0/0xFF00' : '-m connmark --mark 0/0xFF';
+	    $mark_part = $config{HIGH_ROUTE_MARKS} ? '-m mark --mark 0/0xFF00' : '-m mark --mark 0/0xFF';
 
 	    for my $interface ( @routemarked_interfaces ) {
-		add_rule $mangle_table->{PREROUTING} , "-i $interface -j MARK --set-mark 0";
+		add_rule $mangle_table->{PREROUTING} , "-i $interface -j tcpre";
 	    }
 	}