Hello!

I'm using tc to have traffic shaping on my adsl interface and in addition on an imq device to shape incoming traffic. Shorewall supports this so far only by setting firewall marks with the tcrules or setting tos values. It prepares packets to be filtered by tc filters.

Why do you have a function delete_tc in your firewall script that deletes all my classes when restarting shorewall?

I would suggest to have that in /etc/shorewall/start or stop. My classes / filters only should be deleted if an interface goes down.

At the moment I commented this part out in your script but I think this delete_tc doesn't fit seamlessly in your shorewall concept...

Thanks for your time.

Ralf Schenk
--
DATABAY AG
Hüttenstraße 7
D-52068 Aachen
Phone: (0241) 991210
Fax: (0241) 9912159
http://www.databay.de

--On Tuesday, December 31, 2002 02:24:44 AM +0100 Ralf Schenk <rs@databay.de> wrote:

> Hello!
>
> I'm using tc to have traffic shaping on my adsl interface and in addition
> on an imq device to shape incoming traffic. Shorewall supports this so far
> only by setting firewall marks with the tcrules or setting tos values. It
> prepares packets to be filtered by tc filters.
>
> Why do you have a function delete_tc in your firewall script that deletes
> all my classes when restarting shorewall?
>
> I would suggest to have that in /etc/shorewall/start or stop. My classes
> / filters only should be deleted if an interface goes down.
>
> At the moment I commented this part out in your script but I think this
> delete_tc doesn't fit seamlessly in your shorewall concept...
>

delete_tc fits very well into the Shorewall concept provided that you use the /etc/shorewall/tcstart file. See http://www.shorewall.net/traffic_shaping.htm.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://shorewall.sf.net
Washington USA  \ teastep@shorewall.net

--On Monday, December 30, 2002 5:27 PM -0800 Tom Eastep <teastep@shorewall.net> wrote:

>
> delete_tc fits very well into the Shorewall concept provided that you use
> the /etc/shorewall/tcstart file. See
> http://www.shorewall.net/traffic_shaping.htm.
>

The 'firewall' script in the 'Shorewall' CVS thread will not clear your traffic control rules if the /etc/shorewall/tcclear returns an exit status of 255. Install that file and populate /etc/shorewall/tcclear with:

    #!/bin/sh
    exit 255

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://shorewall.sf.net
Washington USA  \ teastep@shorewall.net

--On Monday, December 30, 2002 08:02:30 PM -0800 Tom Eastep <teastep@shorewall.net> wrote:

> --On Monday, December 30, 2002 5:27 PM -0800 Tom Eastep
> <teastep@shorewall.net> wrote:
>
>> delete_tc fits very well into the Shorewall concept provided that you use
>> the /etc/shorewall/tcstart file. See
>> http://www.shorewall.net/traffic_shaping.htm.
>>
>
> The 'firewall' script in the 'Shorewall' CVS thread will not clear your
> traffic control rules if the /etc/shorewall/tcclear returns an exit
> status of 255. Install that file and populate /etc/shorewall/tcclear with:
>
> #!/bin/sh
> exit 255
>

Duh -- Don't know what I was smoking when I coded this. It doesn't work.

I'll get something new in place today and let you know when it is ready.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://shorewall.sf.net
Washington USA  \ teastep@shorewall.net

--On Tuesday, December 31, 2002 07:36:07 AM -0800 Tom Eastep <teastep@shorewall.net> wrote:

>
> Duh -- Don't know what I was smoking when I coded this. It doesn't work.
>
> I'll get something new in place today and let you know when it is ready.
>

Ok -- The following is taken from the 'releasenotes.txt' file in CVS:

3. A new CLEAR_TC option has been added to shorewall.conf. If this
   option is set to 'No' then Shorewall won't clear the current
   traffic control rules during [re]start. This setting is intended
   for use by people that prefer to configure traffic shaping when
   the network interfaces come up rather than when the firewall is
   started. By setting TC_ENABLED=Yes and CLEAR_TC=No and by not
   supplying an /etc/shorewall/tcstart file, your traffic shaping
   rules can still use the 'fw' classifier based on packet marking
   defined in /etc/shorewall/tcrules.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://shorewall.sf.net
Washington USA  \ teastep@shorewall.net
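
The interface-side half of the setup described in the release note above, as an added example that is not part of the original thread and is not Shorewall's own code. The function name `tc_commands`, the device `ppp0`, the rates and the sample tcrules entries are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Shorewall's own code. Assumes shorewall.conf has
# TC_ENABLED=Yes and CLEAR_TC=No, and that no /etc/shorewall/tcstart exists.
# Constructed /etc/shorewall/tcrules entries it pairs with
# (MARK SOURCE DEST PROTO PORT):
#   1   0.0.0.0/0   0.0.0.0/0   tcp   22
#   2   0.0.0.0/0   0.0.0.0/0   tcp   25

# Print the tc commands for one device; nothing is executed here.
# $1 = device, $2 = uplink rate in kbit, $3.. = mark:percent pairs
tc_commands() {
    dev=$1 rate=$2
    shift 2
    case $rate in
        ''|*[!0-9]*) echo "bad rate: $rate" >&2; return 1 ;;
    esac
    nl='
'
    # Rebuild the root qdisc; unmarked traffic falls into class 1:99.
    out="tc qdisc del dev $dev root 2>/dev/null || true"
    out="$out${nl}tc qdisc add dev $dev root handle 1: htb default 99"
    out="$out${nl}tc class add dev $dev parent 1: classid 1:1 htb rate ${rate}kbit"
    used=0
    for pair in "$@"; do
        case $pair in
            *[!0-9:]*|*:*:*|:*|*:) echo "bad pair: $pair" >&2; return 1 ;;
            *:*) ;;
            *) echo "bad pair: $pair" >&2; return 1 ;;
        esac
        mark=${pair%%:*} pct=${pair##*:}
        used=$((used + pct))
        cls="1:1$mark"
        out="$out${nl}tc class add dev $dev parent 1:1 classid $cls htb rate $((rate * pct / 100))kbit ceil ${rate}kbit"
        # 'fw' classifier: the handle is the firewall mark set via tcrules.
        out="$out${nl}tc filter add dev $dev parent 1: protocol ip prio 1 handle $mark fw flowid $cls"
    done
    # Leave some guaranteed rate for the default class.
    if [ "$used" -ge 100 ]; then
        echo "shares total $used%, must stay below 100" >&2; return 1
    fi
    out="$out${nl}tc class add dev $dev parent 1:1 classid 1:99 htb rate $((rate * (100 - used) / 100))kbit ceil ${rate}kbit"
    printf '%s\n' "$out"
}

# From an interface-up hook (ppp0 and the numbers are assumed values):
#   tc_commands ppp0 512 1:30 2:20 | sh
```

Because all arguments are validated before anything is printed, a bad share list produces no output, so piping the result to `sh` never applies a half-built class tree.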