You would need a way to detect link status and enable/disable the link in
shorewall accordingly.
Manually you can just run:
shorewall disable eth1
and when the connection returns
shorewall enable eth1
A better solution would be use something like lsm (read here
works fine:
1247 219K MARK tcp -- * * 10.0.0.0/24 0.0.0.0/0
multiport dports 80,443 MARK set 0x200
Regards,
Hesham S. Ahmed
On Dec 13, 2014, at 7:06 PM, Tom Eastep teas...@shorewall.net wrote:
On 11/26/2014 4:25 AM, Hesham Shakil Ahmed wrote:
Shorewall
I meant to say it doesn’t add correct *match* where I said it doesn’t add the
*target*
On Jan 27, 2015, at 10:22 PM, Hesham Shakil Ahmed hsah...@gmail.com wrote:
Hello,
Version 4.6.6 correctly adds the —set-mark option however it doesn’t add the
target when using mark range
Please don’t apologize! Thank you for your great work.
On Dec 13, 2014, at 7:06 PM, Tom Eastep teas...@shorewall.net wrote:
On 11/26/2014 4:25 AM, Hesham Shakil Ahmed wrote:
Shorewall doesn’t create the correct rule when using MARK(range) in mangle
Trying the following rule:
MARK
Shorewall doesn’t create the correct rule when using MARK(range) in mangle
Trying the following rule:
MARK(0x100-0x200/0xff00)10.0.0.0/8 0.0.0.0/0
fails with error:
Bad argument `0x100/0xff00'
Error occurred at line: 90
Try `iptables-restore -h' or 'iptables-restore --help' for