On 6/11/10 2:32 PM, Tom Eastep wrote:
On 6/11/10 1:01 PM, Keith Mitchell wrote:
> While it seems to be working fine, I just want a sanity check, and can’t
> find anything in the documentation that confirms or contradicts my
> assumption.
>
> Is it legal to order entries in tcrules so that the
> last-rule-takes-precedence requirements can be leveraged?
>
> In other words, are values required to be in MARK order in that file, or
> can the order be arbitrary?
The chief thing to keep in mind about tcrules is that they are
non-terminating; so even though a packet matches a rule, it is still
passed on the the next rule. The net effect is that the last rule that
matches a packet is generally the one that determines its final MARK
value.
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
That works perfectly for me. Thank you very much. I've got my file
sorted by most permissive to least permissive rules order, so you've
made my day.
------------------------------------------------------------------------------
ThinkGeek and WIRED's GeekDad team up for the Ultimate
GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the
lucky parental unit. See the prize list and enter to win:
http://p.sf.net/sfu/thinkgeek-promo
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
