From f977631af9a01c6e1496a7f439d344dfa52036b9 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Mon, 5 Jul 2010 09:46:24 -0700 Subject: [PATCH] Just reset provider bits in FORWARD chain --- Shorewall/Perl/Shorewall/Providers.pm | 2 +- Shorewall/Perl/Shorewall/Tc.pm | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Providers.pm b/Shorewall/Perl/Shorewall/Providers.pm index eee90e489..82579b320 100644 --- a/Shorewall/Perl/Shorewall/Providers.pm +++ b/Shorewall/Perl/Shorewall/Providers.pm @@ -435,7 +435,7 @@ sub add_a_provider( ) { } if ( $mark ne '-' ) { - my $mask = have_capability 'FWMARK_RT_MASK' ? "/$globals{PROVIDER_MASK}" : ''; + my $mask = have_capability 'FWMARK_RT_MASK' ? '/' . in_hex $globals{PROVIDER_MASK} : ''; emit ( "qt \$IP -$family rule del fwmark ${mark}${mask}" ) if $config{DELETE_THEN_ADD}; diff --git a/Shorewall/Perl/Shorewall/Tc.pm b/Shorewall/Perl/Shorewall/Tc.pm index 08ab45a4e..39416844a 100644 --- a/Shorewall/Perl/Shorewall/Tc.pm +++ b/Shorewall/Perl/Shorewall/Tc.pm @@ -1385,7 +1385,9 @@ sub setup_tc() { add_jump $mangle_table->{OUTPUT} , 'tcout', 0, $mark_part; if ( have_capability( 'MANGLE_FORWARD' ) ) { - add_rule( $mangle_table->{FORWARD}, '-j MARK --set-mark 0' ) if $config{FORWARD_CLEAR_MARK}; + my $mask = have_capability 'EXMARK' ? have_capability 'FWMARK_RT_MASK' ? '/' . in_hex $globals{PROVIDER_MASK} : '' : ''; + + add_rule( $mangle_table->{FORWARD}, "-j MARK --set-mark 0${mask}" ) if $config{FORWARD_CLEAR_MARK}; add_jump $mangle_table->{FORWARD} , 'tcfor', 0; add_jump $mangle_table->{POSTROUTING} , 'tcpost', 0; }