-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Tom Eastep wrote: > Brian J. Murrell wrote: >> On Thu, 2007-19-04 at 07:12 -0700, Tom Eastep wrote: >>> I'm lost. What is the difference between that and what HIGH_ROUTE_MARKS=Yes >>> does already (except for the width of the fields). >> Nothing at all. What I am proposing is in fact an emulation of >> HIGH_ROUTE_MARKS=Yes without using HIGH_ROUTE_MARKS=Yes. > >>> I believe that to do what >>> you are proposing requires the same capabilities. >> But doesn't require that the kernel/iptables support "both the extended >> CONNMARK target and the extended connmark match capabilities" which my >> kernel does not unfortunately: > >> shorewall-lite show capabilities >> ... >> Extended CONNMARK Target: Available >> ... >> Extended MARK Target: Not available >> ... > > > Then I would suggest that you just patch out the one place in the code > that requires that capability with HIGH_ROUTE_MARKS=Yes.
Turns out that there are two places. - -Tom - -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFGJ6WbO/MAbZfjDLIRAj9hAJ0ZzQI95AiBUpgnHFxuZYVuB81pPwCgkVQL ISAQ4jaKjWovYdSS8O1dL9M= =I3qU -----END PGP SIGNATURE----- ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
