Tom Eastep wrote: > [email protected] wrote: >> As suspected, Yet another error: > >> iptables-restore v1.3.5: Bad MARK value `1/255' > > Iptables 1.3.5 ( included in Centos 5.3 ) doesn't support specification > of a mask in --set-mark (or --and-mark or --or-mark). I'll see what I > can do but it will be after work before I'm able to look at this further.
I took a quick look at this and it was trivial to work around.
patch /usr/share/shorewall/Shorewall/Tc.pm < mark.diff
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
diff --git a/Shorewall/Perl/Shorewall/Tc.pm b/Shorewall/Perl/Shorewall/Tc.pm
index dd61ae7..e83618a 100644
--- a/Shorewall/Perl/Shorewall/Tc.pm
+++ b/Shorewall/Perl/Shorewall/Tc.pm
@@ -648,11 +648,11 @@ sub validate_tc_class( ) {
if ( $devref->{classify} ) {
warning_message "INTERFACE $device has the 'classify' option - MARK value ($mark) ignored";
} else {
- fatal_error "Invalid Mark ($mark)" unless $mark =~ /^([0-9]+|0x[0-9a-fA-F]+)$/ && numeric_value( $mark ) <= 0xff;
-
$markval = numeric_value( $mark );
fatal_error "Invalid MARK ($markval)" unless defined $markval;
+ fatal_error "Invalid Mark ($mark)" unless $markval <= ( $config{WIDE_TC_MARKS} ? 0xffff : 0xff );
+
if ( $classnumber ) {
fatal_error "Duplicate Class NUMBER ($classnumber)" if $tcref->{$classnumber};
} else {
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
