Exit status 255 from tcclear indicates that Shorewall should not clear tc

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@391 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2002-12-31 03:50:05 +00:00
parent 144c9ab576
commit 9ebd6ceaae
3 changed files with 22 additions and 13 deletions

@ -4,3 +4,5 @@ Changes since 1.3.12
2. Print policies in 'check' command.
3. Result 255 from /etc/shorewall/tcclear inhibits clearing tc rules.

@ -1843,15 +1843,18 @@ setup_tc() {
#
delete_tc()
{
local result
clear_one_tc() {
tc qdisc del dev $1 root 2> /dev/null
tc qdisc del dev $1 ingress 2> /dev/null
}
run_user_exit tcclear
result=$?
run_ip link list | \
while read inx interface details; do
if [ $result -ne 255 ]; then
run_ip link list | while read inx interface details; do
case $inx in
[0-9]*)
clear_one_tc ${interface%:}
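Review bot: The `if [ $result -ne 255 ]` test in delete_tc uses 255 as an undocumented magic value, and nothing visible here reports that clearing was skipped, so a tcclear script that exits 255 by accident would leave the tc rules in place without any trace. Add a comment above the test stating the convention and print a short message in the skipped case. The test also depends on `run_user_exit tcclear` returning the user script's own status, and a value other than 255 when no tcclear file exists; that helper is not shown in this hunk and is worth confirming.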
@ -1860,6 +1863,7 @@ delete_tc()
;;
esac
done
fi
}
#
@ -3297,7 +3301,7 @@ initialize_netfilter () {
run_user_exit newnotsyn
if [ -n "$LOGNEWNOTSYN" ]; then
if [ "$LOGNEWNOTSYN" = ULOG ]; then
run_iptables -A newnotsyn -j ULOG \
run_iptables -A newnotsyn -j ULOG
--ulog-prefix "Shorewall:newnotsyn:DROP:"
else
run_iptables -A newnotsyn -j LOG \
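Review bot: In initialize_netfilter the ULOG branch now appears to read `run_iptables -A newnotsyn -j ULOG` without the trailing backslash, so `--ulog-prefix "Shorewall:newnotsyn:DROP:"` on the following line is no longer a continuation. The rule would be added without its prefix and the shell would then try to execute `--ulog-prefix` as a separate command. Restore the `\` at the end of the line, as the LOG branch below still has. This change is also unrelated to the tcclear exit status described in the commit message, so it looks unintentional.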

@ -7,8 +7,8 @@ New features include:
wish to minimize the number of rules that connection requests must
traverse.
A Shorewall DNAT rule actually generates two iptables rules: an
address rewriting rule in the 'nat' table and an ACCEPT rule in the
A Shorewall DNAT rule actually generates two iptables rules: a
header rewriting rule in the 'nat' table and an ACCEPT rule in the
'filter' table. A DNAT- rule only generates the first of these
rules. This is handy when you have several DNAT rules that would
generate the same ACCEPT rule.
@ -32,3 +32,6 @@ New features include:
2) The 'shorewall check' command now prints out the applicable policy
between each pair of zones.
3. An exit status of 255 from /etc/shorewall/tcclear will prevent
Shorewall from clearing the QOS configuration.
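Review bot: The new release-note entry is numbered `3.` while the item directly above it uses `2)`, so the list mixes two numbering styles. Change it to `3)` to match the existing entries.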