forked from extern/shorewall_code
Exit status 255 from tcclear indicates that Shorewall should not clear tc
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@391 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
144c9ab576
commit
9ebd6ceaae
@ -4,3 +4,5 @@ Changes since 1.3.12
|
||||
|
||||
2. Print policies in 'check' command.
|
||||
|
||||
3. Result 255 from /etc/shorewall/tcclear inhibits clearing tc rules.
|
||||
|
||||
|
@ -1843,15 +1843,18 @@ setup_tc() {
|
||||
#
|
||||
delete_tc()
|
||||
{
|
||||
local result
|
||||
|
||||
clear_one_tc() {
|
||||
tc qdisc del dev $1 root 2> /dev/null
|
||||
tc qdisc del dev $1 ingress 2> /dev/null
|
||||
}
|
||||
|
||||
run_user_exit tcclear
|
||||
result=$?
|
||||
|
||||
run_ip link list | \
|
||||
while read inx interface details; do
|
||||
if [ $result -ne 255 ]; then
|
||||
run_ip link list | while read inx interface details; do
|
||||
case $inx in
|
||||
[0-9]*)
|
||||
clear_one_tc ${interface%:}
|
||||
@ -1860,6 +1863,7 @@ delete_tc()
|
||||
;;
|
||||
esac
|
||||
done
|
||||
fi
|
||||
}
|
||||
|
||||
#
|
||||
@ -3297,7 +3301,7 @@ initialize_netfilter () {
|
||||
run_user_exit newnotsyn
|
||||
if [ -n "$LOGNEWNOTSYN" ]; then
|
||||
if [ "$LOGNEWNOTSYN" = ULOG ]; then
|
||||
run_iptables -A newnotsyn -j ULOG \
|
||||
run_iptables -A newnotsyn -j ULOG
|
||||
--ulog-prefix "Shorewall:newnotsyn:DROP:"
|
||||
else
|
||||
run_iptables -A newnotsyn -j LOG \
|
||||
|
@ -7,8 +7,8 @@ New features include:
|
||||
wish to minimize the number of rules that connection requests must
|
||||
traverse.
|
||||
|
||||
A Shorewall DNAT rule actually generates two iptables rules: an
|
||||
address rewriting rule in the 'nat' table and an ACCEPT rule in the
|
||||
A Shorewall DNAT rule actually generates two iptables rules: a
|
||||
header rewriting rule in the 'nat' table and an ACCEPT rule in the
|
||||
'filter' table. A DNAT- rule only generates the first of these
|
||||
rules. This is handy when you have several DNAT rules that would
|
||||
generate the same ACCEPT rule.
|
||||
@ -32,3 +32,6 @@ New features include:
|
||||
|
||||
2) The 'shorewall check' command now prints out the applicable policy
|
||||
between each pair of zones.
|
||||
|
||||
3. An exit status of 255 from /etc/shorewall/tcclear will prevent
|
||||
Shorewall from clearing the QOS configuration.
|
||||
|
Loading…
Reference in New Issue
Block a user