-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 11/29/2016 06:56 AM, Bill Shirley wrote:
> Santa, add to my Christmas wish list: the switch test in the mangle
> table. I have two sites (SiteA and SiteB) both using IPSEC. SiteA
> has two internet providers (A1 and A2) SiteB, also, has two ISPs
> (B1 and B2)
>
> In my mangle table I have to decide which pair to send traffic
> over: ?COMMENT -vpn- mark for encryption # these are in reverse
> preference #$SiteB_VPN1_FWMARK/$CONNMASK $FW +$SiteB_VPN1_IPSET
> { test=$SiteB_VPN_GRP_MARK/$CONNMASK:C } # A1 <-> B1
> $SiteB_VPN2_FWMARK/$CONNMASK $FW +$SiteB_VPN2_IPSET {
> test=$SiteB_VPN_GRP_MARK/$CONNMASK:C } # A2 <-> B2
> $SiteB_VPN1_FWMARK/$CONNMASK $FW +$SiteB_VPN1_IPSET {
> test=$SiteB_VPN_GRP_MARK/$CONNMASK:C } # A1 <-> B1 So the
> preferred flow is over A1 <-> B1. However if that flow goes
> flakey, currently I un-comment the first rule and comment the third
> rule so the preferred flow is now over A2 <-> B2. If I could add a
> switch to the third rule (switch=VPN_prefer_A=1) then I wouldn't
> have to edit the mangle table to change preferred flows. Similar
> rules are in prerouting.
Will be in the upcoming Shorewall 5.1.0 release.
>
> I'd also like a shinny new red wagon and maybe some cash. :-)
>
You will have to ask the other Santa Claus for those :-)
- -Tom
- --
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJYPhFQAAoJEJbms/JCOk0QdQoP/iKObLTFY0cUKkYsDYTl9aHx
Li/RlroYUoh4WArzEYFUnfacS/HfiDU6uAOoZfS+tnO9VYEV1a1uvBFBjo/kTxyD
CriDj/OUl27UfZt28kkZp90e1QwKN//Ewd2JiOnL6B44eM/WIVObPCoxUNAYl6X9
n+KIv7ncr8heWvOjtstCquBJbrYmaXWxGjuZDlWcHVIMc76cdSO/vYVQGq4q0bun
K/QBMCYV6G+Z7NsNTA78iNF1h6ucQiM3LEza+XEeUZZgeR1nvLpGS2k91XAQ8tVO
7nKpsF/AhdhujOWy3bq3b0kt8dA7TpV/IJRtAE0fLqQMoDLs2o/lydwBk1TxXgYE
ldJL9UdvduGT7u2CX7NUECFQ7tjRYyanSkHLc6yL/YAJBghymueszjff3frix+d6
GkI/pmdVDUeTmA6c2GxtI0aGwKg7HxMDKbMgBrF9dH0MjhZ+rd5soI4qyBesByE+
JPRz519xtYq0HfbOPOJU9PD6KNmgwApVIcm8EAdhtiOg4tSrqfAiBHqsbsm1Viwu
SKtgOrQzhSNJ/O09CKKcx7dgnMXVSqw97fIwEGH9i7T4p5fM9pvPOtfchG+mkXzv
R1+zM5xvfx4mutvNFWCnmJR2gzHa8d/+Lh5I0p1w4aFMzgKcYwZZCNebJ2BPTUkK
C9YXue1rQGTUQ0yb0Y/z
=/9O7
-----END PGP SIGNATURE-----
------------------------------------------------------------------------------
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
