holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Clear packet marks in PREROUTING and OUTPUT

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2016-09-24 15:46:04 -07:00
parent 0f287dfe60
commit fa9ee6d69e
No known key found for this signature in database
GPG Key ID: 96E6B3F2423A4D10
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Shorewall/Perl/Shorewall/Providers.pm
View File

@ -125,6 +125,10 @@ sub setup_route_marking() {
my $exmask = have_capability( 'EXMARK' ) ? "/$mask" : ''; my $exmask = have_capability( 'EXMARK' ) ? "/$mask" : '';
require_capability( $_ , q(The provider 'track' option) , 's' ) for qw/CONNMARK_MATCH CONNMARK/; require_capability( $_ , q(The provider 'track' option) , 's' ) for qw/CONNMARK_MATCH CONNMARK/;
#
# Clear the mark -- we have seen cases where the mark is non-zero even in the raw table chains!
#
add_ijump( $mangle_table->{$_}, j => 'MARK', targetopts => '--set-mark 0' ) for qw/PREROUTING OUTPUT/;
if ( $config{RESTORE_ROUTEMARKS} ) { if ( $config{RESTORE_ROUTEMARKS} ) {
add_ijump $mangle_table->{$_} , j => 'CONNMARK', targetopts => "--restore-mark --mask $mask" for qw/PREROUTING OUTPUT/; add_ijump $mangle_table->{$_} , j => 'CONNMARK', targetopts => "--restore-mark --mask $mask" for qw/PREROUTING OUTPUT/;