Conditional match may be a function of the kernel's xtables addon. I always install it to get GeoIP match support although it taints the kernel. I've run it for years without any problems.
Installation may be as simple as rebooting after running:
dnf install akmod-xtables-addons
In the past, sometimes I've had to run "depmod -a" after rebooting.
Oh, you'll need the rpmfusion repo to install.
Here's the rpms pulled in:
[0:root@apslinux ~]$ rpm -qa | grep -e kmod -e xtables | sort
akmods-0.5.6-15.fc28.noarch
akmod-xtables-addons-3.0-1.fc28.x86_64
kmod-25-2.fc28.x86_64
kmod-libs-25-2.fc28.x86_64
kmodtool-1-29.fc28.noarch
kmod-xtables-addons-4.16.14-300.fc28.x86_64-3.0-1.fc28.x86_64
kmod-xtables-addons-4.16.15-300.fc28.x86_64-3.0-1.fc28.x86_64
kmod-xtables-addons-4.16.16-300.fc28.x86_64-3.0-1.fc28.x86_64
kmod-xtables-addons-4.17.19-200.fc28.x86_64-3.0-1.fc28.x86_64
kmod-xtables-addons-4.17.5-200.fc28.x86_64-3.0-1.fc28.x86_64
xtables-addons-3.0-1.fc28.x86_64
Bill
On 11/11/2019 4:16 AM, Vieri Di Paola wrote:
> On Sat, Nov 9, 2019 at 1:48 AM Bill Shirley
> <b...@ultrapoly.polymerindustries.biz> wrote:
>> 10001: from all fwmark 0x2/0xff lookup CAIB
>> The only thing you need to do is add a rule to the mangle file (PREROUTING section)
>> utilizing the SWITCH column to mark all the traffic you want to override to CAIB with
>> MARK(2):P near the top. Then it's just a matter of issuing:
>> echo 1 > /proc/net/nf_condition/override_to_CAIB
>> to enable the bypass
> Thanks, Bill.
> I don't know if packet marking several destinations (I have quite a
> few) is more efficient than adding just one route rule between 2
> routing tables.
> In any case, I can't try your solution just yet because my kernel or
> iptables or both do not support conditionals.
> # shorewall show capabilities | grep -i condition
> Condition Match (CONDITION_MATCH): Not available
> I'll try to update asap.
> Thanks for the great idea, though.
> Vieri
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
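
A guarded version of the toggle discussed in this thread, as an added example that is not part of either poster's message: it checks the Condition Match capability before relying on the switch and confirms the write by reading it back. The function names and the NF_COND_DIR variable are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread): guarded toggle for an xt_condition switch.
# Assumption: NF_COND_DIR defaults to the /proc path quoted in the thread.
NF_COND_DIR="${NF_COND_DIR:-/proc/net/nf_condition}"

# Reads `shorewall show capabilities` output on stdin; succeeds only when the
# CONDITION_MATCH line reads "Available" (assumed counterpart of the
# "Not available" line quoted in the thread).
condition_match_available() {
    awk -F': *' '/\(CONDITION_MATCH\)/ {
                     sub(/[ \t\r]+$/, "", $2); found = 1; ok = ($2 == "Available")
                 }
                 END { exit !(found && ok) }'
}

# set_switch NAME 0|1: write the value and confirm it by reading it back.
set_switch() {
    name=$1; value=$2
    case "$name" in
        ""|*/*|.*) echo "refusing switch name '$name'" >&2; return 2 ;;
    esac
    case "$value" in
        0|1) ;;
        *) echo "value must be 0 or 1" >&2; return 2 ;;
    esac
    file="$NF_COND_DIR/$name"
    # The entry appears only after a loaded rule references the switch, so a
    # missing file means the mangle rule is not active (or the name is wrong).
    if [ ! -w "$file" ]; then
        echo "$file not writable: is the rule using this switch loaded?" >&2
        return 3
    fi
    printf '%s\n' "$value" > "$file" || return 4
    [ "$(cat "$file")" = "$value" ]
}

# Constructed sample input: the capability line quoted in the thread.
if printf 'Condition Match (CONDITION_MATCH): Not available\n' |
        condition_match_available; then
    echo "condition match available"
else
    echo "condition match not available; the SWITCH column cannot be used"
fi
```

On a live firewall, pipe `shorewall show capabilities` into `condition_match_available`, then call `set_switch override_to_CAIB 1` to enable the bypass or `set_switch override_to_CAIB 0` to disable it.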