diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm index f244b578f..dfa4a09d4 100644 --- a/Shorewall/Perl/Shorewall/Chains.pm +++ b/Shorewall/Perl/Shorewall/Chains.pm @@ -113,7 +113,6 @@ our @EXPORT = ( qw( OPTIONS IPTABLES TARPIT - MARKRULE FILTER_TABLE NAT_TABLE MANGLE_TABLE @@ -282,7 +281,7 @@ our %EXPORT_TAGS = ( get_interface_address get_interface_addresses get_interface_bcasts - get_interface_acastst + get_interface_acasts interface_gateway get_interface_gateway get_interface_mac @@ -462,7 +461,6 @@ use constant { STANDARD => 0x1, #defined by Netfilter OPTIONS => 0x80000, #Target Accepts Options IPTABLES => 0x100000, #IPTABLES or IP6TABLES TARPIT => 0x200000, #TARPIT - MARKRULE => 0x400000, #MARK-oriented rules FILTER_TABLE => 0x1000000, MANGLE_TABLE => 0x2000000, @@ -3188,14 +3186,14 @@ sub initialize_chain_table($) { 'ACCEPT+' => STANDARD + NONAT, 'ACCEPT!' => STANDARD, 'ADD' => STANDARD + SET, - 'AUDIT' => STANDARD + AUDIT + OPTIONS, + 'AUDIT' => STANDARD + AUDIT + OPTIONS, 'A_ACCEPT' => STANDARD + AUDIT, - 'A_ACCEPT+' => STANDARD + NONAT + AUDIT, + 'A_ACCEPT+' => STANDARD + NONAT + AUDIT, 'A_ACCEPT!' => STANDARD + AUDIT, 'A_DROP' => STANDARD + AUDIT, 'A_DROP!' => STANDARD + AUDIT, - 'NONAT' => STANDARD + NONAT + NATONLY, - 'CONNMARK' => STANDARD + MARKRULE + OPTIONS, + 'NONAT' => STANDARD + NONAT + NATONLY, + 'CONNMARK' => STANDARD + OPTIONS, 'CONTINUE' => STANDARD, 'CONTINUE!' => STANDARD, 'COUNT' => STANDARD, @@ -3208,8 +3206,8 @@ sub initialize_chain_table($) { 'INLINE' => INLINERULE, 'IPTABLES' => IPTABLES, 'LOG' => STANDARD + LOGRULE + OPTIONS, - 'MARK' => STANDARD + MARKRULE + OPTIONS, - 'NFLOG' => STANDARD + LOGRULE + NFLOG + OPTIONS, + 'MARK' => STANDARD + OPTIONS, + 'NFLOG' => STANDARD + LOGRULE + NFLOG + OPTIONS, 'NFQUEUE' => STANDARD + NFQ + OPTIONS, 'NFQUEUE!' => STANDARD + NFQ, 'QUEUE' => STANDARD + OPTIONS, diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm index 5c4f3f5a9..38977b2fd 100644 --- a/Shorewall/Perl/Shorewall/Config.pm +++ b/Shorewall/Perl/Shorewall/Config.pm @@ -465,7 +465,7 @@ our %capdesc = ( NAT_ENABLED => 'NAT', TPROXY_TARGET => 'TPROXY Target', FLOW_FILTER => 'Flow Classifier', FWMARK_RT_MASK => 'fwmark route mask', - MARK_ANYWHERE => 'Mark in the filter and nat tables', + MARK_ANYWHERE => 'Mark in the filter table', HEADER_MATCH => 'Header Match', ACCOUNT_TARGET => 'ACCOUNT Target', AUDIT_TARGET => 'AUDIT Target', diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm index 3919ba44f..72b2850b4 100644 --- a/Shorewall/Perl/Shorewall/Rules.pm +++ b/Shorewall/Perl/Shorewall/Rules.pm @@ -5422,10 +5422,6 @@ sub process_snat1( $$$$$$$$$$$$ ) { $actiontype = $builtin_target{$target = 'MASQUERADE'}; $add_snat_aliases = ''; $logaction = 'MASQ'; - } elsif ( $action =~ /^((?:CONN)?MARK)(\+)?\((.+)\)$/ ) { - $actiontype = $targets{$logaction = $1}; - $pre_nat = $2; - validate_mark( $param = $3 ); } else { ( $target , $params ) = get_target_param1( $action ); @@ -5444,7 +5440,7 @@ sub process_snat1( $$$$$$$$$$$$ ) { $target = 'LOG'; } } else { - fatal_error "Invalid ACTION ($action)" unless $actiontype & ( ACTION | INLINE | MARKRULE ); + fatal_error "Invalid ACTION ($action)" unless $actiontype & ( ACTION | INLINE ); $logaction = ''; } } @@ -5770,8 +5766,6 @@ sub process_snat1( $$$$$$$$$$$$ ) { } else { $loglevel = ''; } - } elsif ( $actiontype & MARKRULE ) { - $target = "$logaction --set-mark $param" } else { for my $option ( split_list2( $options , 'option' ) ) { if ( $option eq 'random' ) {