Hello, As the 4.5.2.2 tcrules manpage shows, the default chain for DSCP marks is postrouting. Is this still true if shorewall.conf has the ''MARK_IN_FORWARD_CHAIN=Yes'' option ? Thanks. ------------------------------------------------------------------------------ For Developers, A Lot Can Happen In A Second. Boundary is the first to Know...and Tell You. Monitor Your Applications in Ultra-Fine Resolution. Try it FREE! http://p.sf.net/sfu/Boundary-d2dvs2
On 04/20/2012 06:47 AM, Fred Maillou wrote:> Hello, > > As the 4.5.2.2 tcrules manpage shows, the default chain for DSCP marks > is postrouting. Is this still true if shorewall.conf has the > ''MARK_IN_FORWARD_CHAIN=Yes'' option ?Actually, the manpage is wrong -- the default chain is the same as for MARK rules. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ For Developers, A Lot Can Happen In A Second. Boundary is the first to Know...and Tell You. Monitor Your Applications in Ultra-Fine Resolution. Try it FREE! http://p.sf.net/sfu/Boundary-d2dvs2
On 04/20/2012 06:47 AM, Fred Maillou wrote:>> As the 4.5.2.2 tcrules manpage shows, the default chain for >> DSCP marks is postrouting. Is this still true if >> shorewall.conf has the > ''MARK_IN_FORWARD_CHAIN=Yes'' option ?> Actually, the manpage is wrong -- the default chain is the same > as for MARK rules.So this means for instance that when ''MARK_IN_FORWARD_CHAIN=Yes'' is set, the default is FORWARD, and the available other locations are PREROUTING and POSTROUTING ? Thanks. ------------------------------------------------------------------------------ For Developers, A Lot Can Happen In A Second. Boundary is the first to Know...and Tell You. Monitor Your Applications in Ultra-Fine Resolution. Try it FREE! http://p.sf.net/sfu/Boundary-d2dvs2
On 04/23/2012 06:32 AM, Fred Maillou wrote:> On 04/20/2012 06:47 AM, Fred Maillou wrote: > >>> As the 4.5.2.2 tcrules manpage shows, the default chain for >>> DSCP marks is postrouting. Is this still true if >>> shorewall.conf has the > ''MARK_IN_FORWARD_CHAIN=Yes'' option ? > >> Actually, the manpage is wrong -- the default chain is the same >> as for MARK rules. > > So this means for instance that when ''MARK_IN_FORWARD_CHAIN=Yes'' > is set, the default is FORWARD, and the available other locations > are PREROUTING and POSTROUTING ?Yes. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ For Developers, A Lot Can Happen In A Second. Boundary is the first to Know...and Tell You. Monitor Your Applications in Ultra-Fine Resolution. Try it FREE! http://p.sf.net/sfu/Boundary-d2dvs2