On Wed, 2007-18-04 at 14:14 -0700, Tom Eastep wrote:
>
> You're correct (It's been a while since I thought about why I did
> HIGH_ROUTE_MARKS). So long as you don't try to use SAVE/RESTORE rules, you
> should be ok. HIGH_ROUTE_MARKS provides a way to do SAVE/RESTORE safely
> while still using 'track' (which also does SAVE/RESTORE).

I think even SAVE/RESTORE could be used as long as they use masks and 'track'ing used netmasks as well, no?

Let's say we are marking providers with 0x40 and 0x80 (I'd prefer 0x00 and 0x80 with only two providers but working with what we have currently...). Let's say we default route (unless otherwise routed by some more specific rule) via 0x40 with:

    CONTINUE:P 0.0.0.0/0 0.0.0.0/0 all - - - !0/0xc0
    64:P       0.0.0.0/0
    64         $FW

'track' does the work of SAVE/RESTORE (albeit not with the 0xc0 mask I am proposing), restoring the connection's mark, masked with 0xc0 before routing so that the ip rule fwmark works.

Once a packet hits FORWARD it should be RESTORED from the connection again to restore the lower bits and then can be freely SAVEd.

Am I on crack?

b.

-- 
My other computer is your Microsoft Windows server.

Brian J. Murrell
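
An added illustration, not part of the original message and not Shorewall's own code: a small Python model of the masked save/restore flow discussed above, following one connection tracked on provider 0x80 across two packets. It assumes masked copies merge only the selected bits (as netfilter's CONNMARK `--save-mark`/`--restore-mark` with `--mask` do) and that a plain mark rule replaces the whole packet mark; the function names, the 0x3f low-bit mask and the 0x05 low-bit value are hypothetical.

```python
# Constructed model: packet mark (nfmark) vs. connection mark (ctmark).
PROVIDER_MASK = 0xC0  # provider bits (0x40 / 0x80), as in the message
LOW_MASK = 0x3F       # assumed: remaining low bits, free for other marking
ALL_BITS = 0xFFFFFFFF # an unmasked SAVE/RESTORE copies every bit

def restore_mark(nfmark, ctmark, mask=ALL_BITS):
    """Copy only the masked bits of the connection mark into the packet mark."""
    return (nfmark & ~mask) | (ctmark & mask)

def save_mark(ctmark, nfmark, mask=ALL_BITS):
    """Copy only the masked bits of the packet mark into the connection mark."""
    return (ctmark & ~mask) | (nfmark & mask)

def prerouting(ctmark, default_provider=0x40):
    """Restore provider bits before routing; pick the default if none are set."""
    nfmark = restore_mark(0, ctmark, PROVIDER_MASK)
    if nfmark & PROVIDER_MASK == 0:          # '!0/0xc0' did not match
        nfmark = default_provider            # the '64:P' rule
        ctmark = save_mark(ctmark, nfmark, PROVIDER_MASK)
    return nfmark, ctmark

def forward(nfmark, ctmark, low_bits=None, save_mask=LOW_MASK):
    """Restore the low bits, optionally re-mark the packet, then SAVE."""
    nfmark = restore_mark(nfmark, ctmark, LOW_MASK)
    if low_bits is not None:
        nfmark = low_bits                    # plain set-mark: replaces all bits
    return nfmark, save_mark(ctmark, nfmark, save_mask)

def second_packet_provider(save_mask):
    """Provider bits routing sees on packet 2, plus the final connection mark."""
    ct = 0x80                                # connection tracked on provider 0x80
    nf, ct = prerouting(ct)                  # packet 1 routed via 0x80
    nf, ct = forward(nf, ct, low_bits=0x05, save_mask=save_mask)
    nf, ct = prerouting(ct)                  # packet 2
    return nf & PROVIDER_MASK, ct

if __name__ == "__main__":
    for label, mask in (("masked SAVE (0x3f)", LOW_MASK), ("unmasked SAVE", ALL_BITS)):
        provider, ct = second_packet_provider(mask)
        print(f"{label}: provider=0x{provider:02x} ctmark=0x{ct:02x}")
```

In this model the masked SAVE keeps the connection on 0x80, while the unmasked SAVE overwrites the provider bits and the second packet falls through to the 0x40 default.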
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
