Brian J. Murrell wrote: > > The only other thing I do in start is: > > num_tcfor_rules=$(($($IPTABLES -t mangle -L tcfor -n | wc -l) - 2)) > $IPTABLES -t mangle -I tcfor $num_tcfor_rules -m helper --helper sip -j MARK > --set-mark 0x1 > > To get SIP connections prioritized and: > > # ospf is exempt from mac blocking > $IPTABLES -I br-lan_mac -p 89 -j RETURN > > Because *everyone* should participate in OSPF regardless of whether they > are allowed to use the gateway or not. IIRC, if you don't do this, it > confuses the overall OSPF fabric. Or maybe it was just a quagga > bug. :-)
And none of those things (except your ipv6 stuff) needs to be done on 'restore'. > >> Alternatively, I can create a 'restored' script. Probably safer... > > restored to be executed in place of started? Sure. > That is the approach I'm taking. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Create and Deploy Rich Internet Apps outside the browser with Adobe(R)AIR(TM) software. With Adobe AIR, Ajax developers can use existing skills and code to build responsive, highly engaging applications that combine the power of local resources and data with the reach of the web. Download the Adobe AIR SDK and Ajax docs to start building applications today-http://p.sf.net/sfu/adobe-com
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
