Add CLEAR_TC option

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@392 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-12-31 16:04:31 +00:00 · 2002-12-31 16:04:31 +00:00 · b1fb6bd72c
commit b1fb6bd72c
parent 9ebd6ceaae
3 changed files with 28 additions and 20 deletions
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@ -4,5 +4,5 @@ Changes since 1.3.12

 2. Print policies in 'check' command.

-3. Result 255 from /etc/shorewall/tcclear inhibits clearing tc rules.
+3. Added CLEAR_TC option.

--- a/Shorewall/firewall
+++ b/Shorewall/firewall
@ -1257,7 +1257,7 @@ stop_firewall() {

    [ -n "$NAT_ENABLED" ] && delete_nat
    delete_proxy_arp
-    [ -n "$TC_ENABLED" ] && delete_tc
+    [ -n "$CLEAR_TC" ] && delete_tc

    setpolicy INPUT DROP
    setpolicy OUTPUT DROP
@ -1843,7 +1843,6 @@ setup_tc() {
 #
 delete_tc()
 {
-    local result

    clear_one_tc() {
 	tc qdisc del dev $1 root    2> /dev/null
@ -1851,19 +1850,17 @@ delete_tc()
    }

    run_user_exit tcclear
-    result=$?

-    if [ $result -ne 255 ]; then
-	run_ip link list | while read inx interface details; do
-	    case $inx in
-		[0-9]*)
-                    clear_one_tc ${interface%:}
-		    ;;
-		*)
-		    ;;
-	    esac
-	done
-    fi
+    run_ip link list | \
+    while read inx interface details; do
+	case $inx in
+	    [0-9]*)
+		clear_one_tc ${interface%:}
+		;;
+	    *)
+		;;
+	esac
+    done
 }

 #
@ -1873,7 +1870,7 @@ refresh_tc() {

    echo "Refreshing Traffic Control Rules..."

-    delete_tc
+    [ -n "$CLEAR_TC" ] && delete_tc

    [ -n "$MARK_IN_FORWARD_CHAIN" ] && chain=tcfor || chain=tcpre
    
@ -3267,7 +3264,7 @@ initialize_netfilter () {
 	run_iptables -t mangle -F && \
 	run_iptables -t mangle -X

-    [ -n "$TC_ENABLED" ] && delete_tc
+    [ -n "$CLEAR_TC" ] && delete_tc

    run_user_exit init

@ -4578,7 +4575,11 @@ do_initialize() {
    [ -z "$RFC1918_LOG_LEVEL" ] && RFC1918_LOG_LEVEL=info
    MARK_IN_FORWARD_CHAIN=`added_param_value_no MARK_IN_FORWARD_CHAIN $MARK_IN_FORWARD_CHAIN`
    [ -n "$MARK_IN_FORWARD_CHAIN" ] && marking_chain=tcfor || marking_chain=tcpre
-
+    if [ -n "$TC_ENABLED" ]; then
+	CLEAR_TC=`added_param_value_yes CLEAR_TC $CLEAR_TC`
+    else
+	CLEAR_TC=
+    fi
 }

 #
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -33,5 +33,12 @@ New features include:
 2) The 'shorewall check' command now prints out the applicable policy
   between each pair of zones.

-3. An exit status of 255 from /etc/shorewall/tcclear will prevent
-   Shorewall from clearing the QOS configuration.
+3. A new CLEAR_TC option has been added to shorewall.conf. If this
+   option is set to 'No' then Shorewall won't clear the current
+   traffic control rules during [re]start. This setting is intended
+   for use by people that prefer to configure traffic shaping when
+   the network interfaces come up rather than when the firewall
+   is started. By setting TC_ENABLED=Yes and CLEAR_TC=No and by
+   not supplying an /etc/shorewall/tcstart file, your traffic 
+   shaping rules can still use the 'fw' classifier based on packet
+   marking defined in /etc/shorewall/tcrules.