Tom Eastep wrote: > Brian J. Murrell wrote: >> On Fri, 2007-05-18 at 10:29 -0700, Tom Eastep wrote: >>> The mask determines the bits tested, not the bits ignored. >> Right. It's a bitwise AND right? So 0x0/0xFF00 tests the left-most 8 >> bits of a 16 bit number for being 0 yes? But if I don't have high-marks >> enabled (HIGH_ROUTE_MARKS=No) what is the point of this rule? > > It's a bug.
This should fix it. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Index: compiler
===================================================================
--- compiler (revision 6382)
+++ compiler (working copy)
@@ -958,7 +958,7 @@
# packets that are not part of a marked connection to the 'tcpre/tcout' chains.
#
if [ -n "$ROUTEMARK_INTERFACES" -a -z "$TC_EXPERT" ]; then
- mark_part="-m mark --mark 0/0xFF00"
+ [ -n "$HIGH_ROUTE_MARKS" ] && mark_part="-m mark --mark 0/0xFF00" || mark_part="-m mark --mark 0/0xFF"
#
# But let marks in tcpre override those assigned by 'track'
#
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
