[Shorewall-users] Shorewall 5.1.10 RC 1
Shorewall 5.1.10 RC 1 is now available for testing. Problems Corrected since Beta 2: 1) Previously, Shorewall-init would recompile the firewall script each time that it ran. Now, it only compiles the script if it doesn't exist. 2) Specifying IN-BANDWIDTH would previously cause a run-time start/restart/reload failure when a later version of iproute2 was installed. The problem has been observed on both iproute2 4.13.0 and 4.14.0. The failure message was similar to the following: Setting up Traffic Control... "rate" or "avrate" MUST be specified. Illegal "police" ERROR: Command "tc filter add dev ppp0 parent : protocol all prio 10 basic police mpu 64 drop rate 55378kbit burst 10kb" Failed This problem has been resolved. Thank you for testing, -Tom -- Tom Eastep\ Q: What do you get when you cross a mobster with Shoreline, \ an international standard? Washington, USA \ A: Someone who makes you an offer you can't http://shorewall.org \ understand \___ signature.asc Description: OpenPGP digital signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
Re: [Shorewall-users] newer iproute2 revision in gentoo causes issues with activated traffic control
On 12/18/2017 11:45 AM, Tom Eastep wrote:
> On 12/18/2017 10:11 AM, Tom Eastep wrote:
>> On 12/18/2017 08:37 AM, Alexander Stoll wrote:
>>> Hello
>>>
>>> I want to bring to your attention that at least gentoo stabilized
>>> iproute 4.14.x (4.4.0 was old stable) which obviously needs new
>>> parameters for tc command when enabled in shorewall.
>>>
>>> Are you already aware of this issue?
>>>
>>> Please refer also to this bug:
>>> https://bugs.gentoo.org/640766
>>>
>>> No progress on this bug visible...
>>>
>>
>> We were not aware of this issue, but I have reproduced it with
>> iproute2-4.13.0.
>>
>
> Patch attached.
>
Corrected patch.
-Tom
--
Tom Eastep\ Q: What do you get when you cross a mobster with
Shoreline, \ an international standard?
Washington, USA \ A: Someone who makes you an offer you can't
http://shorewall.org \ understand
\___
diff --git a/Shorewall/Perl/Shorewall/Tc.pm b/Shorewall/Perl/Shorewall/Tc.pm
index 49dc7f6a4..58b0bed92 100644
--- a/Shorewall/Perl/Shorewall/Tc.pm
+++ b/Shorewall/Perl/Shorewall/Tc.pm
@@ -225,11 +225,11 @@ sub handle_in_bandwidth( $$$ ) {
if ( have_capability 'BASIC_FILTER' ) {
if ( $in_rate ) {
emit( "run_tc filter add dev $physical parent : protocol all prio 10 basic \\",
- "police mpu 64 drop rate ${in_rate}kbit burst $in_burst\n" );
+ "police mpu 64 rate ${in_rate}kbit burst $in_burst drop\n" );
} else {
emit( "run_tc filter add dev $physical parent : protocol all prio 10 \\",
"estimator $in_interval $in_decay basic \\",
- "police drop avrate ${in_avrate}kbit\n" );
+ "police avrate ${in_avrate}kbit drop\n" );
}
} else {
emit( "run_tc filter add dev $physical parent : protocol all prio 10 \\" ,
signature.asc
Description: OpenPGP digital signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
Re: [Shorewall-users] newer iproute2 revision in gentoo causes issues with activated traffic control
On 12/18/2017 10:11 AM, Tom Eastep wrote:
> On 12/18/2017 08:37 AM, Alexander Stoll wrote:
>> Hello
>>
>> I want to bring to your attention that at least gentoo stabilized
>> iproute 4.14.x (4.4.0 was old stable) which obviously needs new
>> parameters for tc command when enabled in shorewall.
>>
>> Are you already aware of this issue?
>>
>> Please refer also to this bug:
>> https://bugs.gentoo.org/640766
>>
>> No progress on this bug visible...
>>
>
> We were not aware of this issue, but I have reproduced it with
> iproute2-4.13.0.
>
Patch attached.
-Tom
--
Tom Eastep\ Q: What do you get when you cross a mobster with
Shoreline, \ an international standard?
Washington, USA \ A: Someone who makes you an offer you can't
http://shorewall.org \ understand
\___
diff --git a/Shorewall/Perl/Shorewall/Tc.pm b/Shorewall/Perl/Shorewall/Tc.pm
index 49dc7f6a4..deadd1700 100644
--- a/Shorewall/Perl/Shorewall/Tc.pm
+++ b/Shorewall/Perl/Shorewall/Tc.pm
@@ -225,11 +225,11 @@ sub handle_in_bandwidth( $$$ ) {
if ( have_capability 'BASIC_FILTER' ) {
if ( $in_rate ) {
emit( "run_tc filter add dev $physical parent : protocol all prio 10 basic \\",
- "police mpu 64 drop rate ${in_rate}kbit burst $in_burst\n" );
+ "police mpu 64 ate ${in_rate}kbit burst $in_burst drop\n" );
} else {
emit( "run_tc filter add dev $physical parent : protocol all prio 10 \\",
"estimator $in_interval $in_decay basic \\",
- "police drop avrate ${in_avrate}kbit\n" );
+ "police avrate ${in_avrate}kbit drop\n" );
}
} else {
emit( "run_tc filter add dev $physical parent : protocol all prio 10 \\" ,
signature.asc
Description: OpenPGP digital signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
Re: [Shorewall-users] newer iproute2 revision in gentoo causes issues with activated traffic control
On 12/18/2017 08:37 AM, Alexander Stoll wrote: > Hello > > I want to bring to your attention that at least gentoo stabilized > iproute 4.14.x (4.4.0 was old stable) which obviously needs new > parameters for tc command when enabled in shorewall. > > Are you already aware of this issue? > > Please refer also to this bug: > https://bugs.gentoo.org/640766 > > No progress on this bug visible... > We were not aware of this issue, but I have reproduced it with iproute2-4.13.0. -Tom -- Tom Eastep\ Q: What do you get when you cross a mobster with Shoreline, \ an international standard? Washington, USA \ A: Someone who makes you an offer you can't http://shorewall.org \ understand \___ signature.asc Description: OpenPGP digital signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
[Shorewall-users] newer iproute2 revision in gentoo causes issues with activated traffic control
Hello I want to bring to your attention that at least gentoo stabilized iproute 4.14.x (4.4.0 was old stable) which obviously needs new parameters for tc command when enabled in shorewall. Are you already aware of this issue? Please refer also to this bug: https://bugs.gentoo.org/640766 No progress on this bug visible... Best regards -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
