Commit 4e86d819 authored by Jerome Charaoui

Merge branch 'feature/Add_support_for_mangle_table' into 'master'

Add support for mangle table.

When using the kernel from Debian Wheezy-backports (3.16.0-0.bpo.4-amd64), we encountered a bug where shorewall was breaking the libvirt DHCP if restarted after it.

It seems that one has to add a rule in the POSTROUTING chain of the mangle table to --checksum-fill the DHCP packets for them to be properly caught by the VMs' DHCP clients.

So we had to add support of the mangle table to the shared puppet module to fix that.

This patch does just that, and is meant to be used by the other branch I'll propose after.

See merge request !1
parents 06c50587 d97171b8
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
#
# Shorewall - Mangle File
#
# For additional information, see http://shorewall.net/manpages/shorewall-mangle.html
#
#######################################################################################
#ACTION SOURCE DESTINATION PROTO DSTPORT SRCPORT USER TEST LENGTH TOS CONNBYTES HELPER HEADERS
......@@ -68,6 +68,8 @@ class shorewall(
'tunnel',
# See http://www.shorewall.net/MultiISP.html
'rtrules',
# See http://www.shorewall.net/manpages/shorewall-mangle.html
'mangle',
]:;
}
}
define shorewall::mangle(
$source,
$destination,
$proto = '-',
$destinationport = '-',
$sourceport = '-',
$user = '-',
$test = '-',
$length = '-',
$tos = '-',
$connbytes = '-',
$helper = '-',
$headers = '-',
$order = '100'
){
shorewall::entry{"mangle-${order}-${name}":
line => "${name} ${source} ${destination} ${proto} ${destinationport} ${sourceport} ${user} ${test} ${length} ${tos} ${connbytes} ${helper} ${headers}"
}
}
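Review bot: In the `shorewall::entry` declaration, `${name}` is used both as the ACTION column of the generated line and as part of the resource title `mangle-${order}-${name}`, so two rules that share the same action and order would declare the same title and fail as a duplicate resource. Consider adding an `$action = $name` parameter and emitting `${action}` as the first column, which lets the title be any unique label while keeping the current behaviour as the default. A short comment block describing each parameter, in the column order of the mangle header file, would also help callers of this define.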