done
config_get type "$section" TYPE
case "$type" in
- classify) unset pkt; append "$var" "-m mark --mark 0";;
- default) pkt=1; append "$var" "-m mark --mark 0";;
+ classify) unset pkt; append "$var" "-m mark --mark 0/0xff";;
+ default) pkt=1; append "$var" "-m mark --mark 0/0xff";;
reclassify) pkt=1;;
esac
append "$var" "${proto:+-p $proto}"
config_get class "${value##!}" classnr
[ -z "$class" ] && continue;
case "$value" in
- !*) append "$var" "-m mark ! --mark $class";;
- *) append "$var" "-m mark --mark $class";;
+ !*) append "$var" "-m mark ! --mark $class/0xff";;
+ *) append "$var" "-m mark --mark $class/0xff";;
esac
;;
1:TOS)
unset iptrule
}
- parse_matching_rule iptrule "$rule" "$options" "$prefix" "-j MARK --set-mark $target"
+ parse_matching_rule iptrule "$rule" "$options" "$prefix" "-j MARK --set-mark $target/0xff"
append "$var" "$iptrule" "$N"
done
}
config_get maxsize "$class" maxsize
[ -z "$maxsize" -o -z "$mark" ] || {
add_insmod ipt_length
- append pktrules "iptables -t mangle -A qos_${cg} -m mark --mark $mark -m length --length $maxsize: -j MARK --set-mark 0" "$N"
+ append pktrules "iptables -t mangle -A qos_${cg} -m mark --mark $mark/0xff -m length --length $maxsize: -j MARK --set-mark 0/0xff" "$N"
}
done
add_rules pktrules "$rules" "iptables -t mangle -A qos_${cg}"
$INSMOD
iptables -t mangle -N qos_${cg} >&- 2>&-
iptables -t mangle -N qos_${cg}_ct >&- 2>&-
-${iptrules:+${iptrules}${N}iptables -t mangle -A qos_${cg}_ct -j CONNMARK --save-mark}
-iptables -t mangle -A qos_${cg} -j CONNMARK --restore-mark
-iptables -t mangle -A qos_${cg} -m mark --mark 0 -j qos_${cg}_ct
+${iptrules:+${iptrules}${N}iptables -t mangle -A qos_${cg}_ct -j CONNMARK --save-mark --mask 0xff}
+iptables -t mangle -A qos_${cg} -j CONNMARK --restore-mark --mask 0xff
+iptables -t mangle -A qos_${cg} -m mark --mark 0/0xff -j qos_${cg}_ct
$pktrules
$up$N${down:+${down}$N}
EOF
start_interfaces
;;
firewall)
- start_firewall
+ case "$2" in
+ stop)
+ stop_firewall
+ ;;
+ start|"")
+ start_firewall
+ ;;
+ esac
;;
esac