On 09/29/2017 01:57 PM, Tom Eastep wrote: > On 09/29/2017 01:54 PM, Vieri Di Paola via Shorewall-users wrote: >> >> ________________________________ >> From: Tom Eastep <[email protected]> >>> >>> It is the *next to the last* rule that is causing the problem. >> >> >> OK, so my problem is that I wrote the following in my mangle file: >> >> MARK(1-3):P 0.0.0.0/0 0.0.0.0/0 tcp,udp 53 >> >> and it translated to: >> >> Chain tcpre >> >> [...] >> 7784 6738K MARK all -- * * 0.0.0.0/0 0.0.0.0/0 >> statistic mode nth every 3 MARK xset 0x1/0xff >> 7783 6764K MARK all -- * * 0.0.0.0/0 0.0.0.0/0 >> statistic mode nth every 3 packet 1 MARK xset 0x2/0xff >> 7783 6623K MARK all -- * * 0.0.0.0/0 0.0.0.0/0 >> statistic mode nth every 3 packet 2 MARK xset 0x3/0xff >> >> I erroneously thought that I could "balance" DNS traffic among the first 3 >> providers. >> >> It can't be done here, right? > > It appears that the entry is not being translated correctly, as it is > missing the protocols and port. So take it out for now.
I just released 5.1.7.2 which correctly handles your rule. -Tom -- Tom Eastep \ Q: What do you get when you cross a mobster with Shoreline, \ an international standard? Washington, USA \ A: Someone who makes you an offer you can't http://shorewall.org \ understand \_______________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
