On 03/05/2016 05:28 PM, Tom Eastep wrote:
> On 03/04/2016 09:45 AM, Ed W wrote:
>> Hi, Can I suggest a new feature:
>>
>> - I seem to be ending up with quite a lot of lines in my mangle file...
>> - Could it be possible to support the action.xxx method of creating new
>> tables through this file?
>>
>> In particular I often want to do something like "if this bit in connmark
>> is not set then do the following 3 things, but some of those things will
>> be to set the bit". This gets complex to write in the correct order,
>> being able to use actions (ie as per in the rules file) would make this
>> significantly neater and less error prone. Effectively I would like to
>> declare a (normal) shorewall custom action (just like I would for normal
>> rules) and use this in the mangle file
>>
>> I see no reason to support a second action syntax for actions used by
>> mangle, I would propose that the various included actions are simply
>> processed by the rules or mangle code as appropriate (since there is a
>> small change in supported options between the rules and mangle syntax).
>> I guess this means carefully written actions could be used by either
>> mangle or rules, but would break if you use features not supported by
>> the appropriate subsystem (MARK, SAVE, LOG, etc)?
>>
>> Note: I do realise there are several complications in implementing this....
>>
>>
>> Note I am testing with 4.6.13.4. I apologise in advance if this is
>> already in 5.0, it didn't appear to be (but I can see there is a fair
>> amount of change happened in 5.0 wrt mangle?)
>>
>> Thanks for your thoughts
>>
>
> Hello Ed,
>
> This is a lot of work -- but, I'm retired so I can take a look at it :-)
>

Hi Ed,

This will be in Shorewall 5.0.7 Beta 1.

As implemented, mangle actions must be declared as such in
/etc/shorewall/actions.

Example:

    Divert      mangle     # TProxy Rules

/etc/shorewall/action.Divert

    DIVERT      COMB_IF     -               tcp     -       80
    DIVERT      COMC_IF     -               tcp     -       80
    DIVERT      br0         172.20.1.0/24   tcp     -       80

/etc/shorewall/mangle:

    Divert      -           -               tcp     -       80

Hope you can help test it,

Currently, mangle actions cannot be inlined but I can implement that if
there is a demand.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users