PGNd
2014-Aug-22 01:05 UTC
mangle chain created in /tcstart-invoked QoS script is cleared by end of complete 'firewall' reload?
I've cleaned up my variable naming in my external QoS tc-script.
It's defined in 'lib.private', and in process creates a new mangle
table chain, 'SHAPER_EGRESS'.
/lib.private
qos_control() {
...
function define_rules_up() {
...
/usr/sbin/iptables -t mangle -N SHAPER_EGRESS
...
}
...
case "$1" in
...
start)
define_rules_up
;;
esac
}
and invoked in
/tcstart
qos_control start
Ater `firewall start`, the firewall's up, with no apparent errors
But when I check with
shorewall show mangle
I do NOT see the SHAPER_EGRESS mangle chain.
If I modify the 'qos+control()' script with an 'exit',
/lib.private
qos_control() {
...
function define_rules_up() {
...
/usr/sbin/iptables -t mangle -N SHAPER_EGRESS
...
}
...
case "$1" in
...
start)
define_rules_up
++ exit
;;
esac
}
and then check
shorewall show mangle
I *do* see the SHAPER_EGRESS chain, and all the rules I've added to it.
But, the firewall itself isn't up
Shorewall Lite isn't started
'Something' between the exec of /tcstart, and the complete firewall
(re)load is clearing that SHAPER_EGRESS mangle chain.
I'll single-step if I have to, but --
-- any ideas as to what step in the execution flow might be clearing that chain,
and where I configure to prevent it -- i.e., to preserve my defined/populated
chain through fw (re)start?
------------------------------------------------------------------------------
Slashdot TV.
Video for Nerds. Stuff that matters.
http://tv.slashdot.org/