Re: [Shorewall-users] DSCP marking

On Sat, 23 Jul 2016 08:22:02 -0700 Tom Eastep wrote: > On 07/20/2016 02:21 PM, jonetsu wrote: > > Hello, > > > > Some time ago I did a user interface for DSCP marking, taking the > > documentation from the tcrules of that time, in which it was > > mentioned that the

Re: [Shorewall-users] routeback option explicitly disabled generates error

On Tue, 11 Aug 2015 08:54:30 -0700 Tom Eastep teas...@shorewall.net wrote: The attached patch applies with an offset. Thanks, works fine ! Is there a need to patch shorewall6 also ? --

Re: [Shorewall-users] routeback option explicitly disabled generates error

On Sat, 08 Aug 2015 10:22:23 -0700 Tom Eastep teas...@shorewall.net wrote: On 08/07/2015 12:27 PM, jonetsu wrote: Would this be a bug ? It looks like the parsing for the presence of the routeback option does not take into account the value. Looks like a bug. Would there be any chance

[Shorewall-users] tunnels and DSCP

Hello, To DSCP-mark the packets of a tunnel (not the packets inside) then the egress interface by which the tunnel is going would be added to TC as a device, a default TC class created, then a single rule with whichever DSCP value configured, basically. Does this sound OK ? Is there any catch

[Shorewall-users] QoS for GRE

Hello, Is there support within Shorewall for applying QoS to GRE ? Looks like a popular way of doing that is be the use of a so-called pre-classify option. Is there an equivalent in Linux or, any other way to apply QoS to GRE ? I've read somewhere the following although Im not sure what is

Re: [Shorewall-users] Re-ordering of UDP packets with QoS

On Tue, 18 Nov 2014 18:54:23 -0800 Tom Eastep teas...@shorewall.net wrote: On 11/18/2014 1:33 AM, jone...@teksavvy.com wrote: On Mon, 17 Nov 2014 18:49:59 -0800 Tom Eastep teas...@shorewall.net wrote: On 11/17/2014 6:32 PM, jone...@teksavvy.com wrote: Yes. This is described

Re: [Shorewall-users] Re-ordering of UDP packets with QoS

On Mon, 17 Nov 2014 18:49:59 -0800 Tom Eastep teas...@shorewall.net wrote: On 11/17/2014 6:32 PM, jone...@teksavvy.com wrote: Yes. This is described in the SFQ algorithm. And it happens exactly like it is described, eg. each 10 seconds. Each 10 seconds the SFQ algorithm will perturb

Re: [Shorewall-users] Re-ordering of UDP packets with QoS

On Mon, 17 Nov 2014 16:59:46 -0800 Tom Eastep teas...@shorewall.net wrote: On 11/17/2014 3:09 PM, jone...@teksavvy.com wrote: Hello, UDP packets are re-ordered when using QoS. QoS is using HTB although as far as I understand it, the output of the HTB is given to SFQs and there a re

[Shorewall-users] IPv6 NAT support ?

Hello, Although by its nature IPv6 renders nat obsolete, it seems that in practice many small setups prefers to use NAT instead of an extended (seemingly too complicated) IPv6 proper configuration. I was told that a recent ip6tables now supports NAT. If this is true, will there be also IPv6

[Shorewall-users] Using Shorewall IPv6

Hello, Thanks for your preceeding two replies - much appreciated ! I have three questions regarding running an IPv6 configuration which could surely benefit from your experience, since they are not directly related to Shorewall, but happens when using the IPv6 portion. 1) When shorewall6 is

[Shorewall-users] Missing DropSmurfs action file

Hello. Using Shorewall6 4.5.5.3 (Debian) and having the firewall config files in /tmp/shorewall6/ I get: 'ERROR: Missing Action File (/tmp/shorewall6/action.DropSmurfs)'. But I did not ask for any smurf actions to be taken. This is a very simple test firewall. Interfaces has no options

[Shorewall-users] Using TC in both IPv4 and IPv6

Hello, For advanced TC, only tcrules can be different regarding IPv4/IPv6 because tcrules can contain IP addresses. So far, what I observed is that an IPv6 rule must be processed by shorewall6. Which would make sense. What I'm not sure about though, is that the 'IPv6 Support' says that when