On Mon, 2020-02-24 at 12:27 -0800, Tom Eastep wrote:
>
> You apparently have FORWARD_CLEAR_MARK=Yes or it is defaulting to
> Yes.

Indeed. That was it.

> Set it to No to be sure.

Done. mangle table is empty now, but is [re-]set to empty by Shorewall.

> You can try creating a capabilities file then manually setting
>
> MANGLE_ENABLED=
>
> in the capabilities file. YMMV.

That does work. I wonder if something more elegant could be done though. Would it be infeasible to just leave the mangle table alone if there is no Shorewall configuration that needs to use it? Or alternatively, a shorewall.conf option?

Personally I like the former, but the latter is most certainly a step up from mangling (NPI -- OK, maybe kinda) the capabilities file after it's created.

Cheers,
b.
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users