TE> Slava wrote: >> >> >> Sorry, more details >> We divide web traffic in several group, each has CONNMARK for example >> 0x1...0xN, assigned in output chain after Tproxy-Squid. For incoming >> from i-net packets this MARK restored in PREROUTING and traffic go to >> IMQ for shaping. DIVERT set his own bit in MARK, in default config >> OR 0x200 ( for TC_BITS=16 have 0x20000 ). So (question) on IMQ we have MARK >> 0x201...0x20N, and i can't define >> classes with such numbers in TCCLASSES. (I return TCRULES to FORMAT 1 >> and create divert table and jump to it in START config file and all >> work well) >>
TE> Okay -- You will have to continue to use that method. The problem TE> is that Shorewall wants to reserve the PREROUTING mangle chain for TE> policy routing whereas IMQ requires setting TC marks in PREROUTING. TE> -Tom Offtop. May be adding MARK/MASK in tcclasses is not bad idea, tc filter support that. Will continue use my config. Thank you -- С уважением, Карпущенко Вячеслав ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
