On Fri, Aug 22, 2014, at 07:14 AM, Tom Eastep wrote: > You will need to set up your iptables rules in the 'start' script, not > in tcstart. The tcstart mechanism is only designed for configuring > qdiscs and classes, but not any packet marking that goes along with it.
Yep, *just* stumbled on same result ... moving the invocation of the entire script to 'started' seems to do the trick ... without yet realizing WHY. (1) is 'start' recommended over 'started'? (2) given "tcstart mechanism is only designed for configuring qdiscs and classes" -- is that a MUST or a MAY? should I necessarily *split* the script -- 'qdiscs/classes' setup invoked from tcstart, and the packet marking invoked from 'start(ed)' ? atm, moving the ENTIRE script to 'started' results in the mangle chain being preserved ... although the classification of traffic is NOT working as intended (yet). ------------------------------------------------------------------------------ Slashdot TV. Video for Nerds. Stuff that matters. http://tv.slashdot.org/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
