Brian J. Murrell wrote: > On Wed, 2009-05-13 at 09:10 -0700, Tom Eastep wrote: >> Brian J. Murrell wrote: >>> On Wed, 2009-05-13 at 08:30 -0700, Tom Eastep wrote: >>>> Not without seeing the entire generated script. >>> Is that the firewall script you want to see? >> Please. > > For the benefit of the list, I sent them to Tom directly. No need to > send large files like that to the list. I am sure he or I will > summarize the issue(s) upon examination/resolution.
Brian, I see nothing wrong with the generated commands. I've performed this sequence of operations on two different systems ranging from Debian Etch (2.6.18) to Ubuntu Jaunty (2.6.28): r...@ursa:# tc qdisc add dev eth1 root handle 1: htb default 13 r...@ursa:# tc class add dev eth1 parent 1:1 classid 1:11 htb rate 558kbit ceil 570kbit prio 1 r...@ursa:# tc qdisc add dev eth1 parent 1:11 handle 11: sfq limit 127 perturb 10 r...@ursa:# tc filter add dev eth1 protocol ip parent 1:0 prio 1 handle 1 fw classid 1:11 r...@ursa:# That appears to be the sequence of operations that is failing on your box (I've omitted a couple of parameters that should have no effect on the failing command). Is there a way that you can confirm that the above sequence fails? No copy of busybox that I have includes 'tc' support so I can't try this in that environment. > > BTW Tom, I must say I never really appreciated the design element of > storing the entire configuration in the "restore" shell script so much > as I did when even after an upgrade to 4.2.8 failed to load my newly > compiled ruleset, it didn't prevent the older version compiled ruleset > from being restored -- even with the new version still installed. > > Very nice! Thanks, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your production scanning environment may not be a perfect world - but thanks to Kodak, there's a perfect scanner to get the job done! With the NEW KODAK i700 Series Scanner you'll get full speed at 300 dpi even with all image processing features enabled. http://p.sf.net/sfu/kodak-com
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
