On Wed, 2007-18-04 at 13:18 -0700, Tom Eastep wrote:
> Brian J. Murrell wrote:
> >
> > But then the question becomes, can an ip rule be written to only look at
> > the fwmark with a mask, and can shaping rules be done to do the same?
>
> No. That's the problem that the HIGH_ROUTE_MARKS option solves.

Indeed, what I had suspected.

> But you can still make it work by taking the approach that you suggested --
> you just can't make 'track' work right.

But won't track still work completely as long as one avoids marking packets in PREROUTING (which is the default if MARK_IN_FORWARD_CHAIN=Yes which seems to be the best choice for that setting) for anything except routing as per my example (which actually should be):

    CONTINUE:P 0.0.0.0/0 0.0.0.0/0 all - - - !0/0xc0
    64:P 0.0.0.0/0
    64 $FW

So, (only) mark packets in PREROUTING for 'track' and then add additional (through masking) packets in FORWARD for things like traffic shaping (is there any other reason to mark packets?).

If I'm right, this seems like it could be a SOP (in absence of high marks) for using marking both for routing and shaping, complete with warnings/errors for marking packets in the wrong places, no?

b.

-- 
My other computer is your Microsoft Windows server.

Brian J. Murrell
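
Added example, not part of the original message and not Shorewall code: a small Python model of why the hook in which a mark is set matters when `ip rule fwmark` compares the whole mark, as stated in the thread. Assumptions: the FORWARD step ORs a shaping class into the low six bits, the table names isp1/isp2 are hypothetical, and 128 is a constructed second provider mark.

```python
# Illustrative model only; sample values below are constructed.
ROUTE_MASK = 0xC0   # bits reserved for routing marks (from the !0/0xc0 test)
ROUTE_MARK = 64     # routing mark set by the 64:P rule
RULES = {64: "isp1", 128: "isp2"}   # hypothetical 'ip rule fwmark N' entries

def mark_test(mark, value, mask, invert=False):
    """iptables 'mark' match: (mark & mask) == value, optionally inverted."""
    hit = (mark & mask) == value
    return not hit if invert else hit

def prerouting(mark):
    """The two :P rules: CONTINUE when routing bits are set, else mark 64."""
    if mark_test(mark, 0, ROUTE_MASK, invert=True):   # TEST column !0/0xc0
        return mark            # CONTINUE: keep the mark restored by 'track'
    return ROUTE_MARK          # 64:P

def ip_rule_lookup(mark, rules=RULES):
    """Mask-less fwmark rule: the whole mark must equal the rule value."""
    return rules.get(mark, "main")

def add_shaping(mark, shaping_class):
    """Assumed shaping step: OR a class id into the bits outside ROUTE_MASK."""
    return mark | (shaping_class & ~ROUTE_MASK & 0xFF)

def traverse(initial_mark, shaping_class, shape_in_prerouting=False):
    """Return (routing table chosen, final mark) for a forwarded packet."""
    mark = prerouting(initial_mark)
    if shape_in_prerouting:    # shaping bits added before the routing decision
        mark = add_shaping(mark, shaping_class)
    table = ip_rule_lookup(mark)   # routing sits between PREROUTING and FORWARD
    if not shape_in_prerouting:    # shaping bits added in FORWARD instead
        mark = add_shaping(mark, shaping_class)
    return table, mark

if __name__ == "__main__":
    print(traverse(0, 1))          # new connection, shaped in FORWARD
    print(traverse(128, 2))        # mark restored by 'track', left alone
    print(traverse(0, 1, True))    # shaped too early: falls through to main
```

The third call shows the failure mode: once low bits are set before the routing decision, the exact-compare rule for 64 no longer matches and the packet uses the main table.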
