Hi,
I usually set up port mirroring outside Shorewall, but on a restart I
need to reconfigure it.
I was wondering if I could set up port mirroring within the shorewall
config files.
My first try was to use the started file:
if [ "$COMMAND" = start -o "$COMMAND" = restart -o "$COMMAND" = reload ]; then
if [ ! -z "${IF_SOC_VLAN}" ]; then
for lan_vid in 13 14 15
do
run_tc qdisc add dev ${IF_LAN}.${lan_vid} ingress
run_tc filter add dev ${IF_LAN}.${lan_vid} parent ffff:
protocol all u32 match u8 0 0 action mirred egress mirror dev
$IF_SOC_VLAN
run_tc qdisc add dev ${IF_LAN}.${lan_vid} handle 1: root prio
run_tc filter add dev ${IF_LAN}.${lan_vid} parent 1:
protocol all u32 match u8 0 0 action mirred egress mirror dev
$IF_SOC_VLAN
done
fi
fi
This works fine, but is there a better way to do this within Shorewall?
Vieri
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
