On 6/11/10 1:01 PM, Keith Mitchell wrote: > While it seems to be working fine, I just want a sanity check, and can’t > find anything in the documentation that confirms or contradicts my > assumption. > > Is it legal to order entries in tcrules so that the > last-rule-takes-precedence requirements can be leveraged? > > In other words, are values required to be in MARK order in that file, or > can the order be arbitrary?
The chief thing to keep in mind about tcrules is that they are non-terminating; so even though a packet matches a rule, it is still passed on the the next rule. The net effect is that the last rule that matches a packet is generally the one that determines its final MARK value. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ ThinkGeek and WIRED's GeekDad team up for the Ultimate GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the lucky parental unit. See the prize list and enter to win: http://p.sf.net/sfu/thinkgeek-promo
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
