[Shorewall-users] Using TC in both IPv4 and IPv6

2014-09-22 Thread jone...@teksavvy.com
Hello, For advanced TC, only tcrules can be different regarding IPv4/IPv6 because tcrules can contain IP addresses. So far, what I observed is that an IPv6 rule must be processed by shorewall6. Which would make sense. What I'm not sure about though, is that the 'IPv6 Support' says that when u

[Shorewall-users] Missing DropSmurfs action file

2014-09-30 Thread jone...@teksavvy.com
Hello. Using Shorewall6 4.5.5.3 (Debian) and having the firewall config files in /tmp/shorewall6/ I get: 'ERROR: Missing Action File (/tmp/shorewall6/action.DropSmurfs)'. But I did not ask for any smurf actions to be taken. This is a very simple test firewall. Interfaces has no options declared

[Shorewall-users] Using Shorewall IPv6

2014-10-01 Thread jone...@teksavvy.com
Hello, Thanks for your preceding two replies - much appreciated ! I have three questions regarding running an IPv6 configuration which could surely benefit from your experience, since they are not directly related to Shorewall, but happen when using the IPv6 portion. 1) When shorewall6 is ru

[Shorewall-users] IPv6 NAT support ?

2014-10-02 Thread jone...@teksavvy.com
Hello, Although by its nature IPv6 renders nat obsolete, it seems that in practice many small setups prefer to use NAT instead of an extended (seemingly too complicated) IPv6 proper configuration. I was told that a recent ip6tables now supports NAT. If this is true, will there be also IPv6 NA

Re: [Shorewall-users] IPv6 NAT support ?

2014-10-05 Thread jone...@teksavvy.com
On Fri, 3 Oct 2014 09:58:09 +0100, Simon Hobson wrote : > Adding NAT doesn't make it any less complicated - it just adds more > complication and breaks things. Thanks for the comments - much appreciated !

Re: [Shorewall-users] IPv6 NAT support ?

2014-10-05 Thread jone...@teksavvy.com
On Thu, 02 Oct 2014 17:47:52 -0700, Tom Eastep wrote : > On 10/2/2014 5:30 PM, jone...@teksavvy.com wrote: > > Although by its nature IPv6 renders nat obsolete, it seems that in > > practice many small setups prefer to use NAT instead of an extended > > (seemingly

[Shorewall-users] Re-ordering of UDP packets with QoS

2014-11-17 Thread jone...@teksavvy.com
Hello, UDP packets are re-ordered when using QoS. QoS is using HTB although as far as I understand it, the output of the HTB is given to SFQs and there a re-ordering can happen. This messes up multimedia streams. Is there a way to configure QoS in Shorewall so that no UDP packet re-ordering i

Re: [Shorewall-users] Re-ordering of UDP packets with QoS

2014-11-17 Thread jone...@teksavvy.com
On Mon, 17 Nov 2014 16:59:46 -0800 Tom Eastep wrote: > On 11/17/2014 3:09 PM, jone...@teksavvy.com wrote: > > Hello, > > > > UDP packets are re-ordered when using QoS. QoS is using HTB > > although as far as I understand it, the output of the HTB is given > >

Re: [Shorewall-users] Re-ordering of UDP packets with QoS

2014-11-18 Thread jone...@teksavvy.com
On Mon, 17 Nov 2014 18:49:59 -0800 Tom Eastep wrote: > On 11/17/2014 6:32 PM, jone...@teksavvy.com wrote: > > Yes. This is described in the SFQ algorithm. And it happens > > exactly like it is described, eg. each 10 seconds. Each 10 seconds > > the SFQ algorithm will

[Shorewall-users] QoS for GRE

2014-11-26 Thread jone...@teksavvy.com
Hello, Is there support within Shorewall for applying QoS to GRE ? Looks like a popular way of doing that is by the use of a so-called pre-classify option. Is there an equivalent in Linux or, any other way to apply QoS to GRE ? I've read somewhere the following although I'm not sure what is

Re: [Shorewall-users] Re-ordering of UDP packets with QoS

2014-11-26 Thread jone...@teksavvy.com
On Tue, 18 Nov 2014 18:54:23 -0800 Tom Eastep wrote: > On 11/18/2014 1:33 AM, jone...@teksavvy.com wrote: > > On Mon, 17 Nov 2014 18:49:59 -0800 > > Tom Eastep wrote: > > > >> On 11/17/2014 6:32 PM, jone...@teksavvy.com wrote: > > > >>> Yes.

[Shorewall-users] Sequence of packet processing

2014-12-08 Thread jone...@teksavvy.com
Hello, What would be the sequence of packet processing when having a firewall with NAT ? Are the rules processed first then the NAT ? Thanks.

[Shorewall-users] tunnels and DSCP

2014-12-17 Thread jone...@teksavvy.com
Hello, To DSCP-mark the packets of a tunnel (not the packets inside) then the egress interface by which the tunnel is going would be added to TC as a device, a default TC class created, then a single rule with whichever DSCP value configured, basically. Does this sound OK ? Is there any catch

Re: [Shorewall-users] routeback option explicitly disabled generates error

2015-08-10 Thread jone...@teksavvy.com
On Sat, 08 Aug 2015 10:22:23 -0700 Tom Eastep wrote: > On 08/07/2015 12:27 PM, jonetsu wrote: >> Would this be a bug ? It looks like the parsing for the presence of >> the routeback option does not take into account the value. > Looks like a bug. Would there be any chance that a solution to

Re: [Shorewall-users] routeback option explicitly disabled generates error

2015-08-12 Thread jone...@teksavvy.com
On Tue, 11 Aug 2015 08:54:30 -0700 Tom Eastep wrote: > The attached patch applies with an offset. Thanks, works fine ! Is there a need to patch shorewall6 also ?

Re: [Shorewall-users] DSCP marking

2016-07-26 Thread jone...@teksavvy.com
On Sat, 23 Jul 2016 08:22:02 -0700 Tom Eastep wrote: > On 07/20/2016 02:21 PM, jonetsu wrote: > > Hello, > > > > Some time ago I did a user interface for DSCP marking, taking the > > documentation from the tcrules of that time, in which it was > > mentioned that the DSCP mark can be followed b