Hi Tom, TC chains are still there after applying solution(in both way OPTIMIZE=all and OPTIMIZE=31) Please tell weather I am doing it correctly or not.
For more information: Shorewall version: 4.6.6 Firewall options in shorewall.conf: ############################################################################### # F I R E W A L L O P T I O N S ############################################################################### ACCOUNTING=Yes ACCOUNTING_TABLE=filter ADD_IP_ALIASES=No ADD_SNAT_ALIASES=No ADMINISABSENTMINDED=Yes BASIC_FILTERS=No IGNOREUNKNOWNVARIABLES=No AUTOCOMMENT=Yes AUTOHELPERS=Yes AUTOMAKE=No BLACKLIST="NEW,INVALID,UNTRACKED" CHAIN_SCRIPTS=Yes CLAMPMSS=No CLEAR_TC=Yes COMPLETE=No DEFER_DNS_RESOLUTION=Yes DELETE_THEN_ADD=Yes DETECT_DNAT_IPADDRS=No DISABLE_IPV6=No DONT_LOAD= DYNAMIC_BLACKLIST=Yes EXPAND_POLICIES=Yes EXPORTMODULES=Yes FASTACCEPT=No FORWARD_CLEAR_MARK=No HELPERS= IMPLICIT_CONTINUE=No INLINE_MATCHES=Yes IPSET_WARNINGS=Yes IP_FORWARDING=On KEEP_RT_TABLES=No LEGACY_FASTSTART=Yes LOAD_HELPERS_ONLY=Yes MACLIST_TABLE=filter MACLIST_TTL= MANGLE_ENABLED=Yes MAPOLDACTIONS=No MARK_IN_FORWARD_CHAIN=No MODULE_SUFFIX=ko MULTICAST=No MUTEX_TIMEOUT=60 NULL_ROUTE_RFC1918=No OPTIMIZE=All OPTIMIZE_ACCOUNTING=No REJECT_ACTION= REQUIRE_INTERFACE=No RESTORE_DEFAULT_ROUTE=Yes RESTORE_ROUTEMARKS=Yes RETAIN_ALIASES=No ROUTE_FILTER=No SAVE_ARPTABLES=No SAVE_IPSETS=No TC_ENABLED=Internal TC_EXPERT=No TC_PRIOMAP="2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2" TRACK_PROVIDERS=No TRACK_RULES=No USE_DEFAULT_RT=Yes USE_PHYSICAL_NAMES=No USE_RT_NAMES=No WARNOLDCAPVERSION=Yes ZONE2ZONE=- Thanks, Hitesh > > > ---------- Forwarded message ---------- > From: hitesh menghani <menghanihit...@gmail.com> > To: shorewall-users@lists.sourceforge.net > Cc: > Date: Mon, 5 Oct 2015 15:45:00 +0530 > Subject: [Shorewall-users] remove unused tc* chains > Hi All, > > I don't want tc chains(tcpre, tcpost, tcfor, tcin, tcout) to my iptables > configuration as I am not using shorewall TC. > Also mangle table have jumps to these chains which I don't want. > > I tried to remove chains from shorewall configuration by making TC_ENABLED > in shorewall.conf to "No", but chains are still coming. > > So, what configuration I need to do, so that tc* chains will not come? > Or I have to delete jump rules manually? > > Expecting reply. > > -- > --- > Thanks & Regards, > Hitesh Menghani > > > ---------- Forwarded message ---------- > From: Tom Eastep <teas...@shorewall.net> > To: shorewall-users@lists.sourceforge.net > Cc: > Date: Mon, 5 Oct 2015 07:21:14 -0700 > Subject: Re: [Shorewall-users] remove unused tc* chains > On 10/5/2015 3:15 AM, hitesh menghani wrote: > > Hi All, > > > > I don't want tc chains(tcpre, tcpost, tcfor, tcin, tcout) to my iptables > > configuration as I am not using shorewall TC. > > Also mangle table have jumps to these chains which I don't want. > > > > I tried to remove chains from shorewall configuration by > > making TC_ENABLED in shorewall.conf to "No", but chains are still coming. > > > > So, what configuration I need to do, so that tc* chains will not come? > > Or I have to delete jump rules manually? > > > > Expecting reply. > > OPTIMIZE=all (or OPTIMIZE=31 if your version of Shorewall doesn't > support 'all').0 > > -Tom > -- > Tom Eastep \ When I die, I want to go like my Grandfather who > Shoreline, \ died peacefully in his sleep. Not screaming like > Washington, USA \ all of the passengers in his car > http://shorewall.net \________________________________________________ > > > > ------------------------------------------------------------------------------ > > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users > > -- --- Thanks & Regards, Hitesh Menghani
------------------------------------------------------------------------------
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
