Am Fri, 06 Aug 2010 07:20:01 -0700 schrieb Tom Eastep:
> On 8/6/10 7:00 AM, Thomas Mueller wrote:
>
>
>> FW: 192.168.236.1
>> Uploader: 192.168.236.31
>>
>>
> Then the CONNBYTES rule must be in the FORWARD chain (:F) or in the
> POSTROUTING chain (:T). By default (with MARK_IN_FORWARD_CHAIN=No),
> marking is done in the PREROUTING chain. Because of limitations in Linux
> traffic shaping which have only recently been eliminated, Shorewall
> clears all marks in forwarded packets after they have been routed.
>
> Beginning with Shorewall 4.4.10, you can set CLEAR_FORWARD_MARKS=No in
> shorewall.conf to prevent the marks from being cleared after routing.
> This is only allowed if your iproute and kernel are recent enough.
>
> -Tom
from man shorewall.ceph (4.4.11)
FORWARD_CLEAR_MARK={Yes|No}
Added in Shorewall 4.4.11 Beta 3. Traditionally, Shorewall has cleared
the packet mark in the first rule in the mangle FORWARD chain. This
behavior is maintained with the default setting
of this option (CLEAR_FORWARD_MARK=Yes). If FORWARD_CLEAR_MARK is set to
´No´, packet marks set in the mangle PREROUTING chain are retained in the
FORWARD chains.
did you mean FORWARD_CLEAR_MARK ? if yes is CLEAR_FORWARD_MARK a typo in
the man page?
- Thomas
------------------------------------------------------------------------------
This SF.net email is sponsored by
Make an app they can't live without
Enter the BlackBerry Developer Challenge
http://p.sf.net/sfu/RIM-dev2dev
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
