-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Brian J. Murrell wrote: > On Thu, 2007-19-04 at 07:12 -0700, Tom Eastep wrote: >> I'm lost. What is the difference between that and what HIGH_ROUTE_MARKS=Yes >> does already (except for the width of the fields). > > Nothing at all. What I am proposing is in fact an emulation of > HIGH_ROUTE_MARKS=Yes without using HIGH_ROUTE_MARKS=Yes. > >> I believe that to do what >> you are proposing requires the same capabilities. > > But doesn't require that the kernel/iptables support "both the extended > CONNMARK target and the extended connmark match capabilities" which my > kernel does not unfortunately: > > shorewall-lite show capabilities > ... > Extended CONNMARK Target: Available > ... > Extended MARK Target: Not available > ... >
Then I would suggest that you just patch out the one place in the code that requires that capability with HIGH_ROUTE_MARKS=Yes. No sense re-inventing the wheel. It will mean that in the INPUT, FORWARD and POSTROUTING chains, the current packet mark may still have the high-order bits left over from the routing decision. You could replace the '--and-mark 0xFF' with '-j MARK --mark 0'. I haven't the time currently to worry about whether that change can be made in the released code. But it should get you going, at any rate. - -Tom - -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFGJ5YMO/MAbZfjDLIRAm1fAJ0ZMsaBKztPfNNbqicnpdpIMOiuowCgxYi3 InZpCDkuPdh4p0d2RdD4dHc= =BtOe -----END PGP SIGNATURE----- ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
