Re: [Shorewall-users] Error when using mangle mark range

Sat, 13 Dec 2014 08:16:34 -0800 

On 11/26/2014 4:25 AM, Hesham Shakil Ahmed wrote:
> Shorewall doesn’t create the correct rule when using MARK(range) in mangle
> 
> Trying the following rule: 
> 
> MARK(0x100-0x200/0xff00)      10.0.0.0/8      0.0.0.0/0
> 
> fails with error:
> Bad argument `0x100/0xff00'
> Error occurred at line: 90
> Try `iptables-restore -h' or 'iptables-restore --help' for more information.
>    ERROR: iptables-restore Failed. Input is in 
> /var/lib/shorewall/.iptables-restore-input
> 
> The rule created is "-A tcpre -s 10.0.0.0/8 -m statistic --mode nth --every 2 
> --packet 0 -j MARK 0x100/0xff00”
> 
> Its missing —set-mark after -j MARK directive
> 

My apologies for the delay in answering your email - I've been traveling
abroad for the last three weeks. The attached patch seems to correct the
problem.

Thanks,
-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

diff --git a/Shorewall/Perl/Shorewall/Tc.pm b/Shorewall/Perl/Shorewall/Tc.pm
index 02e31e6..0cbde42 100644
--- a/Shorewall/Perl/Shorewall/Tc.pm
+++ b/Shorewall/Perl/Shorewall/Tc.pm
@@ -260,6 +260,8 @@ sub process_mangle_rule1( $$$$$$$$$$$$$$$$$$ ) {
            $chain ||= $designator;
            $chain ||= $default_chain;
 
+           $option = '--set-mark';
+
            my $chainref = ensure_chain( 'mangle', $chain = $chainnames{$chain} 
);
 
            for ( my $packet = 0; $packet < $marks; $packet++, $markval += 
$increment ) {

Attachment: signature.asc
Description: OpenPGP digital signature

------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to