Hello, I would like to DSCP-mark some traffic and have this marking set when shorewall starts. The ''started'' file seems to be the place to put those extra iptables commands. Has anyone used the started file for this purpose ? Any drawbacks ? Thanks for any suggestions/comments. ------------------------------------------------------------------------------ Virtualization & Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/
On 02/19/2012 03:20 PM, jonetsu wrote:> Hello, > > I would like to DSCP-mark some traffic and have this marking set when > shorewall starts. The ''started'' file seems to be the place to put > those extra iptables commands. Has anyone used the started file for > this purpose ? Any drawbacks ? > > Thanks for any suggestions/comments.If you can wait until 4.5.1 is released, you can set the DSCP field with entries in /etc/shorewall/tcrules. Prior to that, you can use either the ''start'' or ''started'' extension scripts. In ''start'', you can use the ''run_iptables'' function rather than running iptables directly; if the command fails, the start/restart is aborted and the last saved ruleset (if any) is restored. In the ''started'' script, you just run iptables directly (you can use $IPTABLES to get the version specified in /etc/shorewall/shorewall.conf). -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Try before you buy = See our experts in action! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-dev2
On Mon, 20 Feb 2012 09:10:30 -0800, Tom Eastep <teastep@shorewall.net> wrote :> If you can wait until 4.5.1 is released, you can set the DSCP field > with entries in /etc/shorewall/tcrules.Thanks for the suggestions ! It''s appreciated. When would be the release of 4.5.1 ? ------------------------------------------------------------------------------ Try before you buy = See our experts in action! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-dev2
On 02/20/2012 01:42 PM, jonetsu wrote:> On Mon, 20 Feb 2012 09:10:30 -0800, > Tom Eastep <teastep@shorewall.net> wrote : > >> If you can wait until 4.5.1 is released, you can set the DSCP field >> with entries in /etc/shorewall/tcrules. > > Thanks for the suggestions ! It''s appreciated. > > When would be the release of 4.5.1 ? >The Beta containing DSCP support will be released sometime this week; probably Saturday. The final release will be around the middle of March. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Try before you buy = See our experts in action! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-dev2
On Mon, 20 Feb 2012 13:42:56 -0800, Tom Eastep <teastep@shorewall.net> wrote :> The Beta containing DSCP support will be released sometime this week; > probably Saturday. The final release will be around the middle of > March.The way I''m going now is that I have a table of DSCP to TC marks. This table is processed when there''s some tcrules configuration. Being a table, it allows for quickly having multiple tcrules mark assigned to a single DSCP egress mark. For SIP traffic, for instance, many ports can be AF31 while RTP is EF. Although I am not sure that it provides much more easiness of configuration. After all, a tcrule can filter on many ports. Having one single DSCP mark as part of a tcrule can very well achieve the same goal w/o additional table processing overhead. Would you also think that having a DSCP-mark-to-TC-mark table is overkill ? Thanks. ------------------------------------------------------------------------------ Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d