On 08/19/2015 11:45 AM, Brian J. Murrell wrote:
> On Wed, 2015-08-19 at 11:08 -0700, Tom Eastep wrote:
>> Right -- and it isn't there when I compile this configuration:
>>
>> shorewall trace -vvv check -r . | less
> It is here when I do the same thing:
>
> Checking /etc/shorewall/gw-BB/mangle...
> IN===> MARK(0x400):P br-lan:!10.75.22.3,10.75.22.247 0.0.0.0/0 tcp 80
> NF-(N)-> mangle:~excl0
> NF-(!O4)-> mangle:~excl0
> NF-(A)-> mangle:tcpre:4 -A tcpre -p 6 --dport 80 -i br-lan -j ~excl0
> NF-(A)-> mangle:~excl0:1 -A ~excl0 -s 10.75.22.3 -j RETURN
> NF-(A)-> mangle:~excl0:2 -A ~excl0 -s 10.75.22.247 -j RETURN
> NF-(A)-> mangle:~excl0:3 -A ~excl0 -j MARK --set-mark 0x400
> Mangle Rule "MARK(0x400):P br-lan:!10.75.22.3,10.75.22.247 0.0.0.0/0 tcp 80" 0
> IN===> MARK(0x400):P br-guest:!10.75.22.3,10.75.22.247 0.0.0.0/0 tcp 80
> NF-(N)-> mangle:~excl1
> NF-(!O4)-> mangle:~excl1
> NF-(A)-> mangle:tcpre:5 -A tcpre -p 6 --dport 80 -i br-guest -j ~excl1
> NF-(A)-> mangle:~excl1:1 -A ~excl1 -s 10.75.22.3 -j RETURN
> NF-(A)-> mangle:~excl1:2 -A ~excl1 -s 10.75.22.247 -j RETURN
> NF-(A)-> mangle:~excl1:3 -A ~excl1 -j MARK --set-mark 0x400
> Mangle Rule "MARK(0x400):P br-guest:!10.75.22.3,10.75.22.247 0.0.0.0/0 tcp 80" 0
> ...

Note that the first entry in mangle creates tcpre rule 4!! Do the same
thing searching for tcpre and see what is generating rules 1-3.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
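The search suggested above, as an added example that is not part of the original message or of Shorewall: a filter that attributes every rule appended to one chain to the configuration entry being compiled when it was added. It assumes only the line shapes visible in the quoted trace ("Checking <file>...", "IN===> <entry>", "NF-(A)-> table:chain:number ..."); the function names are hypothetical and the sample input is constructed, apart from the lines copied from the quoted output.

```shell
# Added example. trace_rule_origins and sample_trace are hypothetical names.
# Usage: shorewall trace -vvv check -r . | trace_rule_origins tcpre [table]
# Prints: rule number <TAB> config file <TAB> config entry that produced it.
trace_rule_origins() {
    awk -v prefix="${2:-mangle}:$1:" '
        { sub(/^[> \t]+/, "") }            # tolerate indented or mail-quoted trace text
        /^Checking / {                     # a new config file starts: forget the old entry
            file = $2; sub(/\.\.\.$/, "", file); entry = ""; next
        }
        /^IN===> / { entry = substr($0, 8); next }   # entry now being compiled
        /^NF-\(A\)-> / && index($2, prefix) == 1 {   # rule appended to the wanted chain
            printf "%s\t%s\t%s\n", substr($2, length(prefix) + 1),
                (file != "" ? file : "(no Checking line seen)"),
                (entry != "" ? entry : "(no preceding IN===> line)")
        }'
}

# Constructed sample: the file name and entry in the first block and the
# rules numbered 1-3 are placeholders; the remaining lines are from the
# quoted trace.
sample_trace() {
    cat <<'EOF'
Checking /etc/shorewall/example/constructed-file...
IN===> CONSTRUCTED-ENTRY-A
NF-(A)-> mangle:tcpre:1 -A tcpre -j RETURN
NF-(A)-> mangle:tcpre:2 -A tcpre -j RETURN
Checking /etc/shorewall/gw-BB/mangle...
NF-(A)-> mangle:tcpre:3 -A tcpre -j RETURN
IN===> MARK(0x400):P br-lan:!10.75.22.3,10.75.22.247 0.0.0.0/0 tcp 80
NF-(N)-> mangle:~excl0
NF-(A)-> mangle:tcpre:4 -A tcpre -p 6 --dport 80 -i br-lan -j ~excl0
NF-(A)-> mangle:~excl0:1 -A ~excl0 -s 10.75.22.3 -j RETURN
EOF
}

# Demo: one line per tcpre rule, with the file and entry it came from.
sample_trace | trace_rule_origins tcpre
```

A rule reported with "(no preceding IN===> line)" was appended before any entry of the file named in the second column was read.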
