While it seems to be working fine, I just want a sanity check, and can¹t find anything in the documentation that confirms or contradicts my assumption. Is it legal to order entries in tcrules so that the last-rule-takes-precedence requirements can be leveraged? In other words, are values required to be in MARK order in that file, or can the order be arbitrary? -- Keith Mitchell CTO Productivity Associates, Inc. 5625 Ruffin Rd STE 220 San Diego, CA 92123 858-495-3528 (Work) 858-495-3540 (Fax) ------------------------------------------------------------------------------ ThinkGeek and WIRED''s GeekDad team up for the Ultimate GeekDad Father''s Day Giveaway. ONE MASSIVE PRIZE to the lucky parental unit. See the prize list and enter to win: http://p.sf.net/sfu/thinkgeek-promo
On 6/11/10 1:01 PM, Keith Mitchell wrote:> While it seems to be working fine, I just want a sanity check, and can’t > find anything in the documentation that confirms or contradicts my > assumption. > > Is it legal to order entries in tcrules so that the > last-rule-takes-precedence requirements can be leveraged? > > In other words, are values required to be in MARK order in that file, or > can the order be arbitrary?The chief thing to keep in mind about tcrules is that they are non-terminating; so even though a packet matches a rule, it is still passed on the the next rule. The net effect is that the last rule that matches a packet is generally the one that determines its final MARK value. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ ThinkGeek and WIRED''s GeekDad team up for the Ultimate GeekDad Father''s Day Giveaway. ONE MASSIVE PRIZE to the lucky parental unit. See the prize list and enter to win: http://p.sf.net/sfu/thinkgeek-promo
On 6/11/10 2:32 PM, Tom Eastep wrote:> > On 6/11/10 1:01 PM, Keith Mitchell wrote: > > While it seems to be working fine, I just want a sanity check, and can’t > > find anything in the documentation that confirms or contradicts my > > assumption. > > > > Is it legal to order entries in tcrules so that the > > last-rule-takes-precedence requirements can be leveraged? > > > > In other words, are values required to be in MARK order in that file, or > > can the order be arbitrary? > > The chief thing to keep in mind about tcrules is that they are > non-terminating; so even though a packet matches a rule, it is still > passed on the the next rule. The net effect is that the last rule that > matches a packet is generally the one that determines its final MARK > value. > > -Tom > -- > Tom Eastep \ When I die, I want to go like my Grandfather who > Shoreline, \ died peacefully in his sleep. Not screaming like > Washington, USA \ all of the passengers in his car > http://shorewall.net \________________________________________________ >That works perfectly for me. Thank you very much. I''ve got my file sorted by most permissive to least permissive rules order, so you''ve made my day. ------------------------------------------------------------------------------ ThinkGeek and WIRED''s GeekDad team up for the Ultimate GeekDad Father''s Day Giveaway. ONE MASSIVE PRIZE to the lucky parental unit. See the prize list and enter to win: http://p.sf.net/sfu/thinkgeek-promo