On 2/24/20 11:46 AM, Brian J. Murrell wrote:
> Is there any option to have shorewall[6] completely disregard the
> mangle table?
>
> I've pared down my previous multi-provider config such that all I
> am getting in my mangle table is:
>
> Chain PREROUTING (policy ACCEPT 41 packets, 3740 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>
> Chain INPUT (policy ACCEPT 41 packets, 3740 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>
> Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            MARK and 0xffff00ff
>
> Chain OUTPUT (policy ACCEPT 46 packets, 4880 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>
> Chain POSTROUTING (policy ACCEPT 34 packets, 3872 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>
>
> I'm not sure where that one line FORWARD MARK rule is coming from,
> but ultimately Shorewall is still wiping out what another
> application had put into the mangle table.

You apparently have FORWARD_CLEAR_MARK=Yes or it is defaulting to Yes.
Set it to No to be sure.

>
> I don't want Shorewall touching the mangle table at all. Possible?
>

You can try creating a capabilities file then manually setting

        MANGLE_ENABLED=

in the capabilities file. YMMV.

-Tom
-- 
Tom Eastep        \ Q: What do you get when you cross a mobster
Shoreline,         \    with an international standard?
Washington, USA     \ A: Someone who makes you an offer you
http://shorewall.org \    can't understand
                      \________________________________________


_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
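
The two settings named in the reply can be checked on a host before Shorewall is restarted. The shell script below is an added example, not part of the original message and not Shorewall's own code; the function names, the paths passed as arguments and the sample files are constructed for illustration, and it assumes yes/no values are matched case-insensitively.

```shell
#!/bin/sh
# Added example: check the two settings named in the reply, on files you pass in.

# Print the value of the last uncommented KEY= line in FILE (quotes and trailing
# comment stripped). Prints "<unset>" when there is no such line, so an empty
# value (KEY=) stays distinguishable from a missing one.
get_setting() {
    line=$(grep -E "^[[:space:]]*$1=" "$2" 2>/dev/null | tail -n 1)
    [ -n "$line" ] || { echo "<unset>"; return 0; }
    printf '%s\n' "$line" |
        sed -e "s/^[[:space:]]*$1=//" -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' |
        tr -d \"\'
}

# Usage: mangle_audit SHOREWALL_CONF CAPABILITIES_FILE
# Returns 0 only if FORWARD_CLEAR_MARK is explicitly No and the capabilities
# file carries an empty MANGLE_ENABLED= override.
mangle_audit() {
    rc=0
    fcm=$(get_setting FORWARD_CLEAR_MARK "$1")
    case $(printf '%s' "$fcm" | tr '[:upper:]' '[:lower:]') in
        no) echo "ok:   FORWARD_CLEAR_MARK=$fcm" ;;
        *)  echo "warn: FORWARD_CLEAR_MARK is '$fcm'; set it to No explicitly"; rc=1 ;;
    esac
    me=$(get_setting MANGLE_ENABLED "$2")
    case $me in
        '')        echo "ok:   MANGLE_ENABLED= (empty) in $2" ;;
        '<unset>') echo "warn: no MANGLE_ENABLED line in $2"; rc=1 ;;
        *)         echo "warn: MANGLE_ENABLED=$me in $2; the reply sets it to empty"; rc=1 ;;
    esac
    return $rc
}

# Demo on constructed sample files (not taken from the thread).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '#FORWARD_CLEAR_MARK=No' 'FORWARD_CLEAR_MARK=Yes  # constructed' > "$d/conf.before"
    printf '%s\n' 'FORWARD_CLEAR_MARK=No' > "$d/conf.after"
    printf '%s\n' 'NAT_ENABLED=Yes' 'MANGLE_ENABLED=Yes' > "$d/caps.before"
    printf '%s\n' 'NAT_ENABLED=Yes' 'MANGLE_ENABLED=' > "$d/caps.after"
    echo "== before =="; mangle_audit "$d/conf.before" "$d/caps.before" || true
    echo "== after ==";  mangle_audit "$d/conf.after"  "$d/caps.after"
    rc=$?; rm -rf "$d"; return $rc
}

demo
```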