Some time ago, I wrote some patches to be able to filter and masquerade traffic based on the mark imposed on the packets in tcrules. Now I ported these patches to 3.4.2, I'd like it very much if someone with some shorewall development knowledge could review them.

You can find the story leading to these patches here
http://www.mail-archive.com/shorewall-users@lists.sourceforge.net/msg01312.html

Thanks
Luigi

Lux wrote:
> Some time ago, I wrote some patches to be able to filter and masquerade
> traffic based on the mark imposed on the packets in tcrules. Now I ported
> these patches to 3.4.2, I'd like it very much if someone with some shorewall
> development knowledge could review them.
> You can find the story leading to these patches here
> http://www.mail-archive.com/shorewall-users@lists.sourceforge.net/msg01312.html
>
> Thanks
> Luigi

Hi Luigi,

The only problem that I see with the patches has to do with the manpages. We maintain the manpage sources in Docbook XML format and generate the manpages themselves from docbook.

You can get the docbook source for the manpages from SVN (links are at http://www.shorewall.net/download.htm). They are in the shorewall/trunk/manpages directory.

The Shorewall developers use XXE from xmlmind.com to maintain our docbook source files -- it's a free download.

Thanks!
-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

Tom Eastep wrote:
> The only problem that I see with the patches has to do with the manpages. We
> maintain the manpage sources in Docbook XML format and generate the manpages
> themselves from docbook.

One more question -- do you really think it is useful to extend the rules file to include a MARK column? Did you have a usage scenario in mind?

Thanks again,
-Tom

> From: shorewall-users-bounces@lists.sourceforge.net
> [mailto:shorewall-users-bounces@lists.sourceforge.net] On Behalf Of Tom Eastep
>
> The only problem that I see with the patches has to do with the manpages. We
> maintain the manpage sources in Docbook XML format and generate the manpages
> themselves from docbook.
>
> You can get the docbook source for the manpages from SVN (links are at
> http://www.shorewall.net/download.htm). They are in the
> shorewall/trunk/manpages directory.

Hi Tom

I'm sorry for replying so late. Busy times, no lists..
Do you mean that if I port the man pages patches to XML, the patches could be included in the mainstream code?

Thanks
Luigi

Lux wrote:
> Do you mean that if I port the man pages patches to XML, the patches could be
> included in the mainstream code?

Yes. I've already included them in 3.9.6 (without manpage updates).

-Tom

> From: shorewall-users-bounces@lists.sourceforge.net
> [mailto:shorewall-users-bounces@lists.sourceforge.net] On Behalf Of Tom Eastep
>
> One more question -- do you really think it is useful to extend the rules
> file to include a MARK column? Did you have a usage scenario in mind?

At the moment, the only really useful application of my patches I'm really sure about, is the one I wrote about on the list some time ago (two providers with only one outbound physical interface). This application involves only extending the masq file with the MARK column. I wrote the patches for tos, accounting and rules just to be coherent.

In particular, I think that having a MARK column in the rules file is handy, because if someone marks some traffic in the tcrules file, then it's likely he wants to ACCEPT this traffic too. I agree that this extension is not strictly indispensable: one can re-write in the rules file the same rule he wrote in the tcrules file.
But it seems more elegant to me to be able to refer to the mark already applied to the packets. But frankly, I did not use this feature at the moment.

Regards,
Luigi

> From: shorewall-users-bounces@lists.sourceforge.net
> [mailto:shorewall-users-bounces@lists.sourceforge.net] On Behalf Of Tom Eastep
>
> > Do you mean that if I port the man pages patches to XML, the patches could be
> > included in the mainstream code?
>
> Yes. I've already included them in 3.9.6 (without manpage updates).

I looked into svn, and found that now the man pages contain the mark field too. So it seems that we're done.

Luigi

Lux wrote:
> I looked into svn, and found that now the man pages contain the mark field
> too. So it seems that we're done.

The 3.4 manpages aren't done yet. /shorewall/branches/3.4/manpages/.

-Tom

Tom Eastep wrote:
> The 3.4 manpages aren't done yet. /shorewall/branches/3.4/manpages/.

I just noticed that the download page isn't particularly clear about the SVN organization. I've updated the copy at http://www1.shorewall.net/download.htm; it will get propagated via rsync shortly.

-Tom

> From: shorewall-users-bounces@lists.sourceforge.net
> [mailto:shorewall-users-bounces@lists.sourceforge.net] On Behalf Of Tom Eastep
>
> The 3.4 manpages aren't done yet. /shorewall/branches/3.4/manpages/.

Here's the patch for the 3.4 manpages.
One question: I see in the man pages of the trunk branch that the MARK column can end with ":C". This is to tell Shorewall to match the connection mark and not the packet mark. I had a look at the source, but I did not find anything that supports this feature. Am I looking at the wrong place?

Luigi

Lux wrote:
> One question: I see in the man pages of the trunk branch that the MARK
> column can end with ":C". This is to tell Shorewall to match the connection
> mark and not the packet mark. I had a look at the source, but I did not find
> anything that supports this feature. Am I looking at the wrong place?

It's only supported by Shorewall-perl -- I need to make that clean in the manpages.

Thanks,
-Tom

Lux wrote:
> Here's the patch for the 3.4 manpages.

Thanks! I've applied it to SVN.

-Tom
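
How a MARK column test of the kind discussed in this thread, including the ":C" connection-mark suffix, can map onto iptables match arguments, applied to the two-providers-on-one-interface masquerading case. This is an added sketch, not part of the thread and not Shorewall's code; the [!]value[/mask][:C] syntax beyond ":C", the function names, the interface name and the 192.0.2.x addresses are assumptions.

```shell
#!/bin/sh
# Added sketch (not Shorewall code): turn a MARK column test into iptables
# match arguments. Assumed syntax: [!]value[/mask][:C]; "-" means no test.

is_number() {                       # decimal or 0x-prefixed hex
    case $1 in
        ""|0[xX]) return 1 ;;
        0[xX]*) case ${1#0[xX]} in *[!0-9a-fA-F]*) return 1 ;; esac ;;
        *[!0-9]*) return 1 ;;
    esac
    return 0
}

mark_match() {
    spec=$1 invert="" module=mark mask=""      # default: test the packet mark
    [ "$spec" = "-" ] && return 0
    case $spec in \!*) invert="! "; spec=${spec#\!} ;; esac
    case $spec in *:C) module=connmark; spec=${spec%:C} ;; esac  # connection mark
    case $spec in
        */*) mask=${spec#*/}; spec=${spec%%/*}
             is_number "$mask" || { echo "bad mask in '$1'" >&2; return 1; } ;;
    esac
    is_number "$spec" || { echo "bad mark value in '$1'" >&2; return 1; }
    echo "-m $module ${invert}--mark $spec${mask:+/$mask}"
}

# Print (do not run) the SNAT rule for traffic carrying a given mark.
snat_rule() {                       # usage: snat_rule IFACE MARKSPEC ADDRESS
    match=$(mark_match "$2") || return 1
    echo "iptables -t nat -A POSTROUTING -o $1${match:+ $match} -j SNAT --to-source $3"
}

# Constructed scenario: two providers reached through one interface (eth0).
# Packets marked 1 leave with provider A's address, packets marked 2 with B's.
snat_rule eth0 1 192.0.2.1
snat_rule eth0 2 192.0.2.129
```

The rules are only printed, so the mapping can be inspected without root; a malformed test such as "1/" or "abc" is rejected instead of being passed through to iptables.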