On 22/04/2012 00:15, Ed W wrote:
> I think I will need to achieve something like:
>
> 0: from all lookup local
> 10000: from all fwmark 0x10000/0xff0000 lookup peth0
> 10007: from all fwmark 0x80000/0xff0000 lookup pppp0
> 10011: from all fwmark 0xc0000/0xff0000 lookup pppp10
> 32000: from all fwmark 0x10000/0xff0000 lookup peth0_kill_it
> 32007: from all fwmark 0x80000/0xff0000 lookup pppp0_kill_it
> 32011: from all fwmark 0xc0000/0xff0000 lookup pppp10_kill_it
>
I'm struggling with this - would be grateful for input.

I tried adding to init:

ip rule add blackhole from all fwmark 0x10000/0xff0000 priority 32000
ip rule add blackhole from all fwmark 0x20000/0xff0000 priority 32000
..etc...

These match my provider marks, so I had thought that the routing match would try something like:

10000: from all fwmark 0x10000/0xff0000 lookup peth0

then

32000: from all fwmark 0x10000/0xff0000 blackhole

However, either I'm testing incorrectly, or that isn't how the routing policy table actually works?

Additionally the shorewall enable/disable restore_routing script is taking down this route, so I would need to investigate better integration anyway.

Any offers on how to make it so that it's "route via provider X or drop the packet"?

Thanks

Ed W
