I meant to say it doesn’t add the correct *match* where I said it doesn’t add the 
*target*.
 
> On Jan 27, 2015, at 10:22 PM, Hesham Shakil Ahmed <hsah...@gmail.com> wrote:
> 
> Hello,
> 
> Version 4.6.6 correctly adds the --set-mark option; however, it doesn’t add the 
> target when using a mark range.
> 
> For the rule:
> 
> MARK(0x200-0x300/0xff00)      10.0.0.0/24     -               tcp     80,443
> 
> The rule added is (notice "all" proto instead of tcp and missing dport):
> 
> 1661  405K MARK       all  --  *      *       10.0.0.0/24          0.0.0.0/0  
>           statistic mode nth every 2 MARK xset 0x200/0xff00
> 1657  413K MARK       all  --  *      *       10.0.0.0/24          0.0.0.0/0  
>           statistic mode nth every 2 packet 1 MARK xset 0x300/0xff00
> 
> Using a single mark works fine:
> 1247  219K MARK       tcp  --  *      *       10.0.0.0/24          0.0.0.0/0  
>           multiport dports 80,443 MARK set 0x200
> 
> Regards,
> 
> Hesham S. Ahmed
> 
>> On Dec 13, 2014, at 7:06 PM, Tom Eastep <teas...@shorewall.net 
>> <mailto:teas...@shorewall.net>> wrote:
>> 
>> On 11/26/2014 4:25 AM, Hesham Shakil Ahmed wrote:
>>> Shorewall doesn’t create the correct rule when using MARK(range) in mangle
>>> 
>>> Trying the following rule: 
>>> 
>>> MARK(0x100-0x200/0xff00)    10.0.0.0/8      0.0.0.0/0
>>> 
>>> fails with error:
>>> Bad argument `0x100/0xff00'
>>> Error occurred at line: 90
>>> Try `iptables-restore -h' or 'iptables-restore --help' for more information.
>>>  ERROR: iptables-restore Failed. Input is in 
>>> /var/lib/shorewall/.iptables-restore-input
>>> 
>>> The rule created is "-A tcpre -s 10.0.0.0/8 -m statistic --mode nth --every 
>>> 2 --packet 0 -j MARK 0x100/0xff00"
>>> 
>>> It's missing --set-mark after the -j MARK directive
>>> 
>> 
>> My apologies for the delay in answering your email - I've been traveling
>> abroad for the last three weeks. The attached patch seems to correct the
>> problem.
>> 
>> Thanks,
>> -Tom
>> -- 
>> Tom Eastep        \ When I die, I want to go like my Grandfather who
>> Shoreline,         \ died peacefully in his sleep. Not screaming like
>> Washington, USA     \ all of the passengers in his car
>> http://shorewall.net \________________________________________________
>> <MARK-range.patch>
>> _______________________________________________
>> Shorewall-users mailing list
>> Shorewall-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/shorewall-users
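
An added example, not part of the original thread and not Shorewall's own code: a small Python check over iptables-restore style input that flags the two symptoms reported above, a `-j MARK` with no mark-setting option, and MARK rules that lost the protocol and port matches the Shorewall rule asked for. The function names, parameters and all sample lines except the first (quoted from the report) are constructed for illustration.

```python
import shlex

# Options of the iptables MARK target that set or modify the mark.
MARK_OPTS = {"--set-mark", "--set-xmark", "--and-mark", "--or-mark", "--xor-mark"}

def _opt(tokens, name):
    """Return the value following option `name`, or None if absent."""
    if name in tokens:
        i = tokens.index(name)
        return tokens[i + 1] if i + 1 < len(tokens) else None
    return None

def audit_mark_rules(lines, proto=None, dports=None):
    """Return (line_number, problem) tuples for every '-j MARK' rule.

    proto/dports are what the Shorewall mangle rule specified;
    None means the column was '-' and is not checked.
    """
    findings = []
    for n, line in enumerate(lines, 1):
        tok = shlex.split(line)
        if not tok or tok[0] != "-A" or "-j" not in tok:
            continue  # table headers, chain declarations, COMMIT, comments
        j = tok.index("-j")
        if tok[j + 1:j + 2] != ["MARK"]:
            continue
        matches, target = tok[:j], tok[j + 2:]
        if not MARK_OPTS & set(target):
            findings.append((n, "MARK target has no --set-mark style option"))
        if proto and _opt(matches, "-p") != proto:
            findings.append((n, f"missing -p {proto}"))
        if dports and dports not in (_opt(matches, "--dports"), _opt(matches, "--dport")):
            findings.append((n, f"missing destination ports {dports}"))
    return findings

# Line 1 is the rule quoted in the report; lines 2 and 3 are constructed
# iptables-save renderings of the range and single-mark cases.
SAMPLE = [
    "-A tcpre -s 10.0.0.0/8 -m statistic --mode nth --every 2 --packet 0 -j MARK 0x100/0xff00",
    "-A tcpre -s 10.0.0.0/24 -m statistic --mode nth --every 2 --packet 0 -j MARK --set-xmark 0x200/0xff00",
    "-A tcpre -s 10.0.0.0/24 -p tcp -m multiport --dports 80,443 -j MARK --set-mark 0x200",
]

if __name__ == "__main__":
    for lineno, problem in audit_mark_rules(SAMPLE, proto="tcp", dports="80,443"):
        print(f"line {lineno}: {problem}")
```
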
