On Fri, Aug 24, 2012 at 06:42:59AM -0700, Tom Eastep wrote: > Laurent and I have been exchanging emails regarding this problem for > several days. While the root cause of the issue is not fully understood, > I have been able to create a simple Shorewall patch that works around > the issue. The patch unconditionally restores the connection mark to the > packet mark early in the mangle PREROUTING and OUTPUT chains. > Previously, the connection mark was restored only if it was non-zero. > > Laurent is running a 3.5.0 kernel; it is unknown whether the issue > exists when running earlier kernels but I suspect not. > > The patch will be included in all future Shorewall releases.
I'd like to thank you Tom for his great help while debugging this strange issue I've been facing. Laurent ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
