Hi Tom and sorry for the late answer,
> If you mean that the *sum* of the normalized probabilities exceeds 1.0, > that is to be expected. Remember that those packets that have been given > a mark for an interface are not passed on to the rule for the remaining > interfaces . So, in your example with DSL3 'enabled', the normalized > probabilities are: > > DSL1 = 0.25000000 > DSL2 = 0.33333333 > DSL3 = 1.00000000 Exactly, that's what I meant. But, with the previous three providers, Shorewall computes these: Interface dsl0 probability=.25000000 Interface dsl1 probability=.33333333 Interface dsl2 probability=1.19999999 So iptables complains: iptables v1.4.20: statistic: bad value for option "--probability", or out of range (0-1). Try `iptables -h' or 'iptables --help' for more information. ERROR: Command "/sbin/iptables -t mangle -A ~dsl2 -m statistic --mode random --probability 1.19999999 -j MARK --set-mark 0x30000/0xff0000" I haven't yet got the time to think about this, buy maybe it will be enough to clamp $load before passing it to iptables? ------------------------------------------------------------------------------ One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y _______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
