On 02/19/2012 03:20 PM, jonetsu wrote:
> Hello,
>
> I would like to DSCP-mark some traffic and have this marking set when
> shorewall starts. The 'started' file seems to be the place to put
> those extra iptables commands. Has anyone used the started file for
> this purpose? Any drawbacks?
>
> Thanks for any suggestions/comments.

If you can wait until 4.5.1 is released, you can set the DSCP field with entries in /etc/shorewall/tcrules.

Prior to that, you can use either the 'start' or 'started' extension scripts. In 'start', you can use the 'run_iptables' function rather than running iptables directly; if the command fails, the start/restart is aborted and the last saved ruleset (if any) is restored. In the 'started' script, you just run iptables directly (you can use $IPTABLES to get the version specified in /etc/shorewall/shorewall.conf).

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
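
Added example (not part of the original thread and not Shorewall's own code): one way to keep the DSCP rules in a single place and apply them from either extension script described in the reply above. The ports, DSCP classes, the mangle POSTROUTING chain and the names DSCP_POLICY, dscp_rule_args and apply_dscp are assumptions made for illustration; only run_iptables and $IPTABLES come from the thread.

```shell
# Constructed sample policy (assumption): "<proto> <dport> <DSCP class>" per line.
DSCP_POLICY='udp 5060 CS3
udp 10000:20000 EF
tcp 22 CS2'

# Print one iptables argument list per policy line; incomplete lines are skipped.
# The DSCP target is only valid in the mangle table.
dscp_rule_args() {
    printf '%s\n' "$DSCP_POLICY" | while read -r proto dport class; do
        [ -n "$proto" ] && [ -n "$dport" ] && [ -n "$class" ] || continue
        echo "-t mangle -A POSTROUTING -p $proto --dport $dport -j DSCP --set-dscp-class $class"
    done
}

# Apply every rule through the command passed as arguments and stop at the
# first failure, so the caller sees a non-zero status.
#   in /etc/shorewall/start:    apply_dscp run_iptables
#   in /etc/shorewall/started:  apply_dscp "$IPTABLES"
apply_dscp() {
    while read -r args; do
        # Word splitting is intended: $args is a flat argument list built above.
        "$@" $args </dev/null || return 1
    done <<EOF
$(dscp_rule_args)
EOF
}
```

In 'started', a non-zero return from apply_dscp is the only signal that a rule was not installed, so the script should log or act on it itself.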
