[Firewall] mangling TOS:

Philip A. Prindeville philipp_subx at redfish-solutions.com
Sat Mar 28 19:38:26 CET 2009


I don't think it's reasonable to have the firewall script check every
possible misconfiguration that your system might have.

That's not its job.  It can do some basic sanity checks, but that's
about it.  Anything beyond that is a liability.

-Philip


Lampa wrote:
> Hello,
>
> yes, but the idea was to provide some error checking when starting,
> because the message iptables: No chain/target/match by that name
> tells nothing about the error (target, match, chain) - what's wrong?
>
> 2009/3/27 Arno van Amersfoort <arnova at rocky.eld.leidenuniv.nl>:
>   
>> Right. If MANGLE_TOS=1 one *should* get an error in case things fail, like
>> in your case. As Philip suggested, to get rid of it, disable MANGLE_TOS in
>> the config file...
>>
>> a.
>>
>> Philip Prindeville wrote:
>>     
>>> Lampa wrote:
>>>       
>>>> Hello,
>>>>
>>>> this is not a bug, just an idea:
>>>>
>>>> Check whether the mangle table exists before mangling TOS:
>>>>
>>>> + echo 'Enabling mangling TOS'
>>>> + IFS=' ,'
>>>> + for interface in '$EXT_IF'
>>>> + /sbin/iptables -t mangle -A OUTPUT -o eth1 -p tcp --dport 20 -j TOS
>>>> --set-tos Maximize-Throughput
>>>> iptables: No chain/target/match by that name
>>>> + /sbin/iptables -t mangle -A OUTPUT -o eth1 -p tcp --dport 21 -j TOS
>>>> --set-tos Minimize-Delay
>>>> iptables: No chain/target/match by that name
>>>>
>>>> mangle isn't compiled by mistake :(
>>>>
>>>>
>>>>         
>>> And putting:
>>>
>>> MANGLE_TOS=
>>>
>>> into your firewall.conf file doesn't work????
>>>
>>> -Philip
>>>       
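
One way to tell which part of "No chain/target/match by that name" applies in the case discussed in this thread, as an added example that is not part of the original messages or of the firewall script. It assumes it is run as root after the failing iptables command (so any module autoload has already been attempted) and that the kernel exposes /proc/net/ip_tables_names and /proc/net/ip_tables_targets; the function name and the result tokens are hypothetical.

```shell
#!/bin/sh
# diagnose_tos [TABLES_FILE] [TARGETS_FILE]
# Prints one token:
#   missing-table   the mangle table is not registered in the kernel
#   missing-target  mangle is present but the TOS target is not
#   ok              both are registered, so the cause is elsewhere (chain/match)
#   unknown         the /proc files cannot be read (not root, or no iptables support)
diagnose_tos() {
    tables_file=${1:-/proc/net/ip_tables_names}
    targets_file=${2:-/proc/net/ip_tables_targets}

    if [ ! -r "$tables_file" ] || [ ! -r "$targets_file" ]; then
        echo "unknown"
        return 0
    fi

    # Each file lists one registered name per line; match whole lines only.
    if ! grep -qx 'mangle' "$tables_file"; then
        echo "missing-table"
    elif ! grep -qx 'TOS' "$targets_file"; then
        echo "missing-target"
    else
        echo "ok"
    fi
}

# Constructed sample data reproducing the situation in the thread:
# a kernel with filter and nat registered but no mangle table.
demo_constructed() {
    tmp=$(mktemp -d) || return 1
    printf 'filter\nnat\n' > "$tmp/names"
    printf 'ERROR\nREJECT\nLOG\n' > "$tmp/targets"
    diagnose_tos "$tmp/names" "$tmp/targets"
    rm -rf "$tmp"
}

echo "constructed sample: $(demo_constructed)"
echo "this host:          $(diagnose_tos)"
```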


