diff --git a/Shorewall-core/lib.common b/Shorewall-core/lib.common
index 8b8721e12..807cb9d53 100644
--- a/Shorewall-core/lib.common
+++ b/Shorewall-core/lib.common
@@ -411,7 +411,7 @@ load_kernel_modules() # $1 = Yes, if we are to save moduleinfo in $VARDIR
[ -d $directory ] && moduledirectories="$moduledirectories $directory"
done
- [ -n "$LOAD_HELPERS_ONLY" ] && modules=$(find_file helpers) || modules=$(find_file modules)
+ modules=$(find_file helpers)
if [ -f $modules -a -n "$moduledirectories" ]; then
[ -d /sys/module/ ] || MODULES=$(lsmod | cut -d ' ' -f1)
diff --git a/Shorewall-lite/install.sh b/Shorewall-lite/install.sh
index a69946822..42dddcb12 100755
--- a/Shorewall-lite/install.sh
+++ b/Shorewall-lite/install.sh
@@ -426,6 +426,11 @@ echo "Capability file builder installed in ${DESTDIR}${LIBEXECDIR}/$PRODUCT/shor
if [ -f modules ]; then
install_file modules ${DESTDIR}${SHAREDIR}/$PRODUCT/modules 0600
echo "Modules file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/modules"
+
+ for f in modules.*; do
+ install_file $f ${DESTDIR}${SHAREDIR}/$PRODUCT/$f 0644
+ echo "Module file $f installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/$f"
+ done
fi
if [ -f helpers ]; then
@@ -433,11 +438,6 @@ if [ -f helpers ]; then
echo "Helper modules file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/helpers"
fi
-for f in modules.*; do
- install_file $f ${DESTDIR}${SHAREDIR}/$PRODUCT/$f 0644
- echo "Module file $f installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/$f"
-done
-
#
# Install the Man Pages
#
diff --git a/Shorewall/Perl/Shorewall/Compiler.pm b/Shorewall/Perl/Shorewall/Compiler.pm
index 30145b661..a666af0b0 100644
--- a/Shorewall/Perl/Shorewall/Compiler.pm
+++ b/Shorewall/Perl/Shorewall/Compiler.pm
@@ -384,7 +384,7 @@ sub generate_script_3() {
save_progress_message 'Initializing...';
if ( $export || $config{EXPORTMODULES} ) {
- my $fn = find_file( $config{LOAD_HELPERS_ONLY} ? 'helpers' : 'modules' );
+ my $fn = find_file( 'helpers' );
if ( -f $fn && ( $config{EXPORTMODULES} || ( $export && ! $fn =~ "^$globals{SHAREDIR}/" ) ) ) {
emit 'echo MODULESDIR=\"$MODULESDIR\" > ${VARDIR}/.modulesdir';
diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm
index 303cbb335..0b6c2fe0c 100644
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@@ -396,7 +396,7 @@ our %renamed = ( AUTO_COMMENT => 'AUTOCOMMENT', BLACKLIST_LOGLEVEL => 'BLACKLIST
#
# Config options and global settings that are to be copied to output script
#
-our @propagateconfig = qw/ DISABLE_IPV6 MODULESDIR LOAD_HELPERS_ONLY LOCKFILE SUBSYSLOCK LOG_VERBOSITY RESTART/;
+our @propagateconfig = qw/ DISABLE_IPV6 MODULESDIR LOCKFILE SUBSYSLOCK LOG_VERBOSITY RESTART/;
#
# From parsing the capabilities file or detecting capabilities
#
@@ -732,18 +732,19 @@ our %converted = (
#
# Eliminated options
#
-our %eliminated = ( LOGRATE => 1,
- LOGBURST => 1,
- EXPORTPARAMS => 1,
- LEGACY_FASTSTART => 1,
- IPSECFILE => 1,
- WIDE_TC_MARKS => 1,
- HIGH_ROUTE_MARKS => 1,
- BLACKLISTNEWONLY => 1,
- CHAIN_SCRIPTS => 1,
- MODULE_SUFFIX => 1,
- MAPOLDACTIONS => 1,
- INLINE_MATCHES => 1,
+our %eliminated = ( LOGRATE => 1,
+ LOGBURST => 1,
+ EXPORTPARAMS => 1,
+ LEGACY_FASTSTART => 1,
+ IPSECFILE => 1,
+ WIDE_TC_MARKS => 1,
+ HIGH_ROUTE_MARKS => 1,
+ BLACKLISTNEWONLY => 1,
+ CHAIN_SCRIPTS => 1,
+ MODULE_SUFFIX => 1,
+ MAPOLDACTIONS => 1,
+ INLINE_MATCHES => 1,
+ LOAD_HELPERS_ONLY => 1,
);
#
# Variables involved in ?IF, ?ELSE ?ENDIF processing
@@ -981,7 +982,6 @@ sub initialize( $;$$$) {
OPTIMIZE_ACCOUNTING => undef,
ACCOUNTING_TABLE => undef,
DYNAMIC_BLACKLIST => undef,
- LOAD_HELPERS_ONLY => undef,
REQUIRE_INTERFACE => undef,
FORWARD_CLEAR_MARK => undef,
COMPLETE => undef,
@@ -4453,7 +4453,7 @@ sub load_kernel_modules( ) {
push @moduledirectories, $_ if -d $_;
}
- if ( $moduleloader && @moduledirectories && open_file( $config{LOAD_HELPERS_ONLY} ? 'helpers' : 'modules' ) ) {
+ if ( $moduleloader && @moduledirectories && open_file( 'helpers' ) ) {
my %loadedmodules;
$loadedmodules{$_}++ for split_list( $config{DONT_LOAD}, 'module' );
@@ -5252,111 +5252,6 @@ sub determine_capabilities() {
qt1( "$iptables $iptablesw -A $sillyname -m state --state ESTABLISHED,RELATED -j ACCEPT");;
$globals{KLUDGEFREE} = $capabilities{KLUDGEFREE} = detect_capability 'KLUDGEFREE';
-
- unless ( $config{ LOAD_HELPERS_ONLY } ) {
- #
- # Using 'detect_capability()' is a bit less efficient than calling the individual detection
- # functions but it ensures that %detect_capability is initialized properly.
- #
- $capabilities{NAT_ENABLED} = detect_capability( 'NAT_ENABLED' );
- $capabilities{PERSISTENT_SNAT} = detect_capability( 'PERSISTENT_SNAT' );
- $capabilities{NAT_INPUT_CHAIN} = detect_capability( 'NAT_INPUT_CHAIN' );
- $capabilities{MANGLE_ENABLED} = detect_capability( 'MANGLE_ENABLED' );
-
- if ( $capabilities{CONNTRACK_MATCH} = detect_capability( 'CONNTRACK_MATCH' ) ) {
- $capabilities{NEW_CONNTRACK_MATCH} = detect_capability( 'NEW_CONNTRACK_MATCH' );
- $capabilities{OLD_CONNTRACK_MATCH} = detect_capability( 'OLD_CONNTRACK_MATCH' );
- } else {
- $capabilities{NEW_CONNTRACK_MATCH} = '';
- $capabilities{OLD_CONNTRACK_MATCH} = '';
- }
-
- $capabilities{ MULTIPORT } = detect_capability( 'MULTIPORT' );
- $capabilities{XMULTIPORT} = detect_capability( 'XMULTIPORT' );
- $capabilities{EMULTIPORT} = detect_capability( 'EMULTIPORT' );
- $capabilities{POLICY_MATCH} = detect_capability( 'POLICY_MATCH' );
-
- if ( $capabilities{PHYSDEV_MATCH} = detect_capability( 'PHYSDEV_MATCH' ) ) {
- $capabilities{PHYSDEV_BRIDGE} = detect_capability( 'PHYSDEV_BRIDGE' );
- } else {
- $capabilities{PHYSDEV_BRIDGE} = '';
- }
-
- $capabilities{IPRANGE_MATCH} = detect_capability( 'IPRANGE_MATCH' );
- $capabilities{RECENT_MATCH} = detect_capability( 'RECENT_MATCH' );
- $capabilities{REAP_OPTION} = detect_capability( 'REAP_OPTION' );
- $capabilities{OWNER_MATCH} = detect_capability( 'OWNER_MATCH' );
- $capabilities{OWNER_NAME_MATCH}
- = detect_capability( 'OWNER_NAME_MATCH' );
- $capabilities{CONNMARK_MATCH} = detect_capability( 'CONNMARK_MATCH' );
- $capabilities{XCONNMARK_MATCH} = detect_capability( 'XCONNMARK_MATCH' );
- $capabilities{IPP2P_MATCH} = detect_capability( 'IPP2P_MATCH' );
- $capabilities{OLD_IPP2P_MATCH} = detect_capability( 'OLD_IPP2P_MATCH' );
- $capabilities{LENGTH_MATCH} = detect_capability( 'LENGTH_MATCH' );
- $capabilities{ENHANCED_REJECT} = detect_capability( 'ENHANCED_REJECT' );
- $capabilities{COMMENTS} = detect_capability( 'COMMENTS' );
- $capabilities{OLD_HL_MATCH} = detect_capability( 'OLD_HL_MATCH' );
- $capabilities{HASHLIMIT_MATCH} = detect_capability( 'HASHLIMIT_MATCH' );
- $capabilities{MARK} = detect_capability( 'MARK' );
- $capabilities{XMARK} = detect_capability( 'XMARK' );
- $capabilities{EXMARK} = detect_capability( 'EXMARK' );
- $capabilities{CONNMARK} = detect_capability( 'CONNMARK' );
- $capabilities{XCONNMARK} = detect_capability( 'XCONNMARK' );
- $capabilities{CLASSIFY_TARGET} = detect_capability( 'CLASSIFY_TARGET' );
- $capabilities{IPMARK_TARGET} = detect_capability( 'IPMARK_TARGET' );
- $capabilities{TPROXY_TARGET} = detect_capability( 'TPROXY_TARGET' );
- $capabilities{MANGLE_FORWARD} = detect_capability( 'MANGLE_FORWARD' );
- $capabilities{RAW_TABLE} = detect_capability( 'RAW_TABLE' );
- $capabilities{IPSET_MATCH} = detect_capability( 'IPSET_MATCH' );
- $capabilities{ADDRTYPE} = detect_capability( 'ADDRTYPE' );
- $capabilities{TCPMSS_MATCH} = detect_capability( 'TCPMSS_MATCH' );
- $capabilities{NFQUEUE_TARGET} = detect_capability( 'NFQUEUE_TARGET' );
- $capabilities{REALM_MATCH} = detect_capability( 'REALM_MATCH' );
- $capabilities{CONNLIMIT_MATCH} = detect_capability( 'CONNLIMIT_MATCH' );
- $capabilities{TIME_MATCH} = detect_capability( 'TIME_MATCH' );
- $capabilities{GOTO_TARGET} = detect_capability( 'GOTO_TARGET' );
- $capabilities{LOG_TARGET} = detect_capability( 'LOG_TARGET' );
- $capabilities{ULOG_TARGET} = detect_capability( 'ULOG_TARGET' );
- $capabilities{NFLOG_TARGET} = detect_capability( 'NFLOG_TARGET' );
- $capabilities{LOGMARK_TARGET} = detect_capability( 'LOGMARK_TARGET' );
- $capabilities{FLOW_FILTER} = detect_capability( 'FLOW_FILTER' );
- $capabilities{FWMARK_RT_MASK} = detect_capability( 'FWMARK_RT_MASK' );
- $capabilities{MARK_ANYWHERE} = detect_capability( 'MARK_ANYWHERE' );
- $capabilities{ACCOUNT_TARGET} = detect_capability( 'ACCOUNT_TARGET' );
- $capabilities{HEADER_MATCH} = detect_capability( 'HEADER_MATCH' );
- $capabilities{AUDIT_TARGET} = detect_capability( 'AUDIT_TARGET' );
- $capabilities{IPSET_V5} = detect_capability( 'IPSET_V5' );
- $capabilities{CONDITION_MATCH} = detect_capability( 'CONDITION_MATCH' );
- $capabilities{IPTABLES_S} = detect_capability( 'IPTABLES_S' );
- $capabilities{BASIC_FILTER} = detect_capability( 'BASIC_FILTER' );
- $capabilities{BASIC_EMATCH} = detect_capability( 'BASIC_EMATCH' );
- $capabilities{CT_TARGET} = detect_capability( 'CT_TARGET' );
- $capabilities{STATISTIC_MATCH} = detect_capability( 'STATISTIC_MATCH' );
- $capabilities{IMQ_TARGET} = detect_capability( 'IMQ_TARGET' );
- $capabilities{DSCP_MATCH} = detect_capability( 'DSCP_MATCH' );
- $capabilities{DSCP_TARGET} = detect_capability( 'DSCP_TARGET' );
- $capabilities{GEOIP_MATCH} = detect_capability( 'GEOIP_MATCH' );
- $capabilities{RPFILTER_MATCH} = detect_capability( 'RPFILTER_MATCH' );
- $capabilities{NFACCT_MATCH} = detect_capability( 'NFACCT_MATCH' );
- $capabilities{CHECKSUM_TARGET} = detect_capability( 'CHECKSUM_TARGET' );
- $capabilities{ARPTABLESJF} = detect_capability( 'ARPTABLESJF' );
- $capabilities{MASQUERADE_TGT} = detect_capability( 'MASQUERADE_TGT' );
- $capabilities{UDPLITEREDIRECT} = detect_capability( 'UDPLITEREDIRECT' );
- $capabilities{NEW_TOS_MATCH} = detect_capability( 'NEW_TOS_MATCH' );
- $capabilities{TARPIT_TARGET} = detect_capability( 'TARPIT_TARGET' );
- $capabilities{IFACE_MATCH} = detect_capability( 'IFACE_MATCH' );
- $capabilities{TCPMSS_TARGET} = detect_capability( 'TCPMSS_TARGET' );
- $capabilities{CPU_FANOUT} = detect_capability( 'CPU_FANOUT' );
- $capabilities{NETMAP_TARGET} = detect_capability( 'NETMAP_TARGET' );
- $capabilities{NFLOG_SIZE} = detect_capability( 'NFLOG_SIZE' );
- $capabilities{RESTORE_WAIT_OPTION}
- = detect_capability( 'RESTORE_WAIT_OPTION' );
-
- unless ( have_capability 'CT_TARGET' ) {
- $capabilities{HELPER_MATCH} = detect_capability 'HELPER_MATCH';
- }
-
- }
}
#
@@ -6350,11 +6245,6 @@ sub get_configuration( $$$ ) {
unshift @INC, @config_path;
- #
- # get_capabilities requires that the true settings of these options be established
- #
- default_yes_no 'LOAD_HELPERS_ONLY' , 'Yes';
-
if ( ! $export && $> == 0 ) {
get_capabilities($have_capabilities);
}
@@ -6407,8 +6297,6 @@ sub get_configuration( $$$ ) {
$capabilities{$_} = 0 for grep /_HELPER/ , keys %capabilities;
}
- report_capabilities unless $config{LOAD_HELPERS_ONLY};
-
#
# Now initialize the used capabilities hash
#
@@ -7146,8 +7034,6 @@ sub get_configuration( $$$ ) {
}
convert_to_version_5_2 if $update;
-
- cleanup_iptables if $sillyname && ! $config{LOAD_HELPERS_ONLY};
}
#
diff --git a/Shorewall/Samples/Universal/shorewall.conf b/Shorewall/Samples/Universal/shorewall.conf
index 712a45e3c..90e72042e 100644
--- a/Shorewall/Samples/Universal/shorewall.conf
+++ b/Shorewall/Samples/Universal/shorewall.conf
@@ -191,8 +191,6 @@ IP_FORWARDING=On
KEEP_RT_TABLES=No
-LOAD_HELPERS_ONLY=Yes
-
MACLIST_TABLE=filter
MACLIST_TTL=
diff --git a/Shorewall/Samples/one-interface/shorewall.conf b/Shorewall/Samples/one-interface/shorewall.conf
index cafe6cc40..d1b95dae7 100644
--- a/Shorewall/Samples/one-interface/shorewall.conf
+++ b/Shorewall/Samples/one-interface/shorewall.conf
@@ -202,8 +202,6 @@ IP_FORWARDING=Off
KEEP_RT_TABLES=No
-LOAD_HELPERS_ONLY=Yes
-
MACLIST_TABLE=filter
MACLIST_TTL=
diff --git a/Shorewall/Samples/three-interfaces/shorewall.conf b/Shorewall/Samples/three-interfaces/shorewall.conf
index b38d8bca5..54af15f58 100644
--- a/Shorewall/Samples/three-interfaces/shorewall.conf
+++ b/Shorewall/Samples/three-interfaces/shorewall.conf
@@ -199,8 +199,6 @@ IP_FORWARDING=On
KEEP_RT_TABLES=No
-LOAD_HELPERS_ONLY=Yes
-
MACLIST_TABLE=filter
MACLIST_TTL=
diff --git a/Shorewall/Samples/two-interfaces/shorewall.conf b/Shorewall/Samples/two-interfaces/shorewall.conf
index cd5206855..93da85f97 100644
--- a/Shorewall/Samples/two-interfaces/shorewall.conf
+++ b/Shorewall/Samples/two-interfaces/shorewall.conf
@@ -202,8 +202,6 @@ IP_FORWARDING=On
KEEP_RT_TABLES=No
-LOAD_HELPERS_ONLY=Yes
-
MACLIST_TABLE=filter
MACLIST_TTL=
diff --git a/Shorewall/configfiles/shorewall.conf b/Shorewall/configfiles/shorewall.conf
index a2188d9a7..dcfe7e96d 100644
--- a/Shorewall/configfiles/shorewall.conf
+++ b/Shorewall/configfiles/shorewall.conf
@@ -191,8 +191,6 @@ IP_FORWARDING=Keep
KEEP_RT_TABLES=No
-LOAD_HELPERS_ONLY=Yes
-
MACLIST_TABLE=filter
MACLIST_TTL=
diff --git a/Shorewall/install.sh b/Shorewall/install.sh
index 9010d2bdd..f1a179be3 100755
--- a/Shorewall/install.sh
+++ b/Shorewall/install.sh
@@ -466,17 +466,6 @@ if [ -z "$first_install" ]; then
fi
fi
-#
-# Install the Modules file
-#
-run_install $OWNERSHIP -m 0644 modules ${DESTDIR}${SHAREDIR}/${PRODUCT}/modules
-echo "Modules file installed as ${DESTDIR}${SHAREDIR}/${PRODUCT}/modules"
-
-for f in modules.*; do
- run_install $OWNERSHIP -m 0644 $f ${DESTDIR}${SHAREDIR}/${PRODUCT}/$f
- echo "Modules file $f installed as ${DESTDIR}${SHAREDIR}/${PRODUCT}/$f"
-done
-
#
# Install the Module Helpers file
#
diff --git a/Shorewall/lib.cli-std b/Shorewall/lib.cli-std
index df8ee8185..4ea440a30 100644
--- a/Shorewall/lib.cli-std
+++ b/Shorewall/lib.cli-std
@@ -300,19 +300,6 @@ get_config() {
;;
esac
- case $LOAD_HELPERS_ONLY in
- Yes|yes)
- ;;
- No|no)
- LOAD_HELPERS_ONLY=
- ;;
- *)
- if [ -n "$LOAD_HELPERS_ONLY" ]; then
- fatal_error "Invalid LOAD_HELPERS_ONLY setting ($LOAD_HELPERS_ONLY)"
- fi
- ;;
- esac
-
if [ -n "$WORKAROUNDS" ]; then
case $WORKAROUNDS in
[Yy]es)
diff --git a/Shorewall/manpages/shorewall-modules.xml b/Shorewall/manpages/shorewall-modules.xml
index e2047f6a5..e589eaf15 100644
--- a/Shorewall/manpages/shorewall-modules.xml
+++ b/Shorewall/manpages/shorewall-modules.xml
@@ -38,6 +38,12 @@
helpers file is used when
LOAD_HELPERS_ONLY=Yes
+
+ Beginning with Shorewall 5.2.3, the LOAD_HELPERS_ONLY option has
+ been removed and the behavior is the same as if LOAD_HELPERS_ONLY=Yes
+ was specified.
+
+
Each record in the files has the following format:
diff --git a/Shorewall/manpages/shorewall.conf.xml b/Shorewall/manpages/shorewall.conf.xml
index 174f48772..2d6953782 100644
--- a/Shorewall/manpages/shorewall.conf.xml
+++ b/Shorewall/manpages/shorewall.conf.xml
@@ -1382,7 +1382,10 @@ net all DROP infothen the chain name is 'net-all'
of modules loaded by shorewall to those listed in
/var/lib/shorewall[6]/helpers and those that
are actually used. When not set, or set to the empty value,
- LOAD_HELPERS_ONLY=No is assumed.
+ LOAD_HELPERS_ONLY=No is assumed in Shorewall versions 5.2.2 and
+ earlier. Beginning with Shorewall 5.2.3, the LOAD_HELPERS_ONLY
+ option is removed, and the behavior is as if LOAD_HELPERS_ONLY=Yes
+ had been specified.
diff --git a/Shorewall/modules b/Shorewall/modules
deleted file mode 100644
index a35d9dce5..000000000
--- a/Shorewall/modules
+++ /dev/null
@@ -1,39 +0,0 @@
-#
-# Shorewall version 5 - Modules File
-#
-# /usr/share/shorewall/modules
-#
-# This file loads the modules that may be needed by the firewall.
-#
-# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
-# dependency order. i.e., if M2 depends on M1 then you must load M1
-# before you load M2.
-#
-# If you need to modify this file, copy it to /etc/shorewall and modify the
-# copy.
-#
-###############################################################################
-#
-# Essential Modules
-#
-INCLUDE modules.essential
-#
-# Other xtables modules
-#
-INCLUDE modules.xtables
-#
-# Helpers
-#
-INCLUDE helpers
-#
-# Ipset
-#
-INCLUDE modules.ipset
-#
-# Traffic Shaping
-#
-INCLUDE modules.tc
-#
-# Extensions
-#
-INCLUDE modules.extensions
diff --git a/Shorewall/modules.essential b/Shorewall/modules.essential
deleted file mode 100644
index 5b3fdce0e..000000000
--- a/Shorewall/modules.essential
+++ /dev/null
@@ -1,32 +0,0 @@
-#
-# Shorewall -- /usr/share/shorewall/modules.essential
-#
-# Essential Modules File
-#
-# This file loads the modules that may be needed by the firewall.
-#
-# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
-# dependency order. i.e., if M2 depends on M1 then you must load M1
-# before you load M2.
-#
-# If you need to modify this file, copy it to /etc/shorewall and modify the
-# copy.
-#
-###############################################################################
-#
-# Essential Modules
-#
-loadmodule nfnetlink
-loadmodule x_tables
-loadmodule ip_tables
-loadmodule iptable_filter
-loadmodule iptable_mangle
-loadmodule ip_conntrack
-loadmodule nf_conntrack
-loadmodule nf_conntrack_ipv4
-loadmodule iptable_nat
-loadmodule nf_nat
-loadmodule nf_nat_ipv4
-loadmodule iptable_raw
-loadmodule xt_state
-loadmodule xt_tcpudp
diff --git a/Shorewall/modules.extensions b/Shorewall/modules.extensions
deleted file mode 100644
index 6ef72b2f5..000000000
--- a/Shorewall/modules.extensions
+++ /dev/null
@@ -1,59 +0,0 @@
-#
-# Shorewall -- /usr/share/shorewall/modules.extensions
-#
-# Extensions Modules File
-#
-# This file loads the modules that may be needed by the firewall.
-#
-# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
-# dependency order. i.e., if M2 depends on M1 then you must load M1
-# before you load M2.
-#
-# If you need to modify this file, copy it to /etc/shorewall and modify the
-# copy.
-#
-###############################################################################
-loadmodule ipt_addrtype
-loadmodule ipt_ah
-loadmodule ipt_CLASSIFY
-loadmodule ipt_CLUSTERIP
-loadmodule ipt_comment
-loadmodule ipt_connmark
-loadmodule ipt_CONNMARK
-loadmodule ipt_conntrack
-loadmodule ipt_dscp
-loadmodule ipt_DSCP
-loadmodule ipt_ecn
-loadmodule ipt_ECN
-loadmodule ipt_esp
-loadmodule ipt_hashlimit
-loadmodule ipt_helper
-loadmodule ipt_ipp2p
-loadmodule ipt_iprange
-loadmodule ipt_length
-loadmodule ipt_limit
-loadmodule ipt_mac
-loadmodule ipt_mark
-loadmodule ipt_MARK
-loadmodule ipt_MASQUERADE
-loadmodule ipt_multiport
-loadmodule ipt_NETMAP
-loadmodule ipt_NOTRACK
-loadmodule ipt_owner
-loadmodule ipt_physdev
-loadmodule ipt_pkttype
-loadmodule ipt_policy
-loadmodule ipt_realm
-loadmodule ipt_recent
-loadmodule ipt_REDIRECT
-loadmodule ipt_REJECT
-loadmodule ipt_SAME
-loadmodule ipt_sctp
-loadmodule ipt_set
-loadmodule ipt_state
-loadmodule ipt_tcpmss
-loadmodule ipt_TCPMSS
-loadmodule ipt_tos
-loadmodule ipt_TOS
-loadmodule ipt_ttl
-loadmodule ipt_TTL
diff --git a/Shorewall/modules.ipset b/Shorewall/modules.ipset
deleted file mode 100644
index 9b8f2bf63..000000000
--- a/Shorewall/modules.ipset
+++ /dev/null
@@ -1,27 +0,0 @@
-#
-# Shorewall -- /usr/share/shorewall/modules.ipset
-#
-# IP Set Modules File
-#
-# This file loads the modules that may be needed by the firewall.
-#
-# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
-# dependency order. i.e., if M2 depends on M1 then you must load M1
-# before you load M2.
-#
-# If you need to modify this file, copy it to /etc/shorewall and modify the
-# copy.
-#
-###############################################################################
-loadmodule xt_set
-loadmodule ip_set
-loadmodule ip_set_iphash
-loadmodule ip_set_ipmap
-loadmodule ip_set_ipporthash
-loadmodule ip_set_iptree
-loadmodule ip_set_iptreemap
-loadmodule ip_set_macipmap
-loadmodule ip_set_nethash
-loadmodule ip_set_portmap
-loadmodule ipt_SET
-loadmodule ipt_set
diff --git a/Shorewall/modules.tc b/Shorewall/modules.tc
deleted file mode 100644
index 9a0468727..000000000
--- a/Shorewall/modules.tc
+++ /dev/null
@@ -1,27 +0,0 @@
-#
-# Shorewall -- /usr/share/shorewall/modules.tc
-#
-# Traffic Shaping Modules File
-#
-# This file loads the modules that may be needed by the firewall.
-#
-# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
-# dependency order. i.e., if M2 depends on M1 then you must load M1
-# before you load M2.
-#
-# If you need to modify this file, copy it to /etc/shorewall and modify the
-# copy.
-#
-###############################################################################
-loadmodule sch_sfq
-loadmodule sch_ingress
-loadmodule sch_hfsc
-loadmodule sch_htb
-loadmodule sch_prio
-loadmodule sch_tbf
-loadmodule sch_fq_codel
-loadmodule cls_u32
-loadmodule cls_fw
-loadmodule cls_flow
-loadmodule cls_basic
-loadmodule act_police
diff --git a/Shorewall/modules.xtables b/Shorewall/modules.xtables
deleted file mode 100644
index ad9a296b0..000000000
--- a/Shorewall/modules.xtables
+++ /dev/null
@@ -1,53 +0,0 @@
-#
-# Shorewall -- /usr/share/shorewall/modules.xtables
-#
-# Xtables Modules File
-#
-# This file loads the modules that may be needed by the firewall.
-#
-# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
-# dependency order. i.e., if M2 depends on M1 then you must load M1
-# before you load M2.
-#
-# If you need to modify this file, copy it to /etc/shorewall and modify the
-# copy.
-#
-###############################################################################
-loadmodule xt_AUDIT
-loadmodule xt_CLASSIFY
-loadmodule xt_connmark
-loadmodule xt_CONNMARK
-loadmodule xt_conntrack
-loadmodule xt_dccp
-loadmodule xt_dscp
-loadmodule xt_DSCP
-loadmodule xt_hashlimit
-loadmodule xt_helper
-loadmodule xt_ipp2p
-loadmodule xt_iprange
-loadmodule xt_length
-loadmodule xt_limit
-loadmodule xt_mac
-loadmodule xt_mark
-loadmodule xt_MARK
-loadmodule xt_multiport
-loadmodule xt_nat
-loadmodule xt_NFQUEUE
-loadmodule xt_owner
-loadmodule xt_physdev
-loadmodule xt_pkttype
-loadmodule xt_policy
-loadmodule xt_sctp
-loadmodule xt_tcpmss
-loadmodule xt_TCPMSS
-loadmodule xt_time
-loadmodule xt_IPMARK
-loadmodule xt_TPROXY
-#
-# From xtables-addons
-#
-loadmodule xt_condition
-loadmodule xt_geoip
-loadmodule xt_ipp2p
-loadmodule xt_LOGMARK
-loadmodule xt_RAWNAT
diff --git a/Shorewall6/Samples6/Universal/shorewall6.conf b/Shorewall6/Samples6/Universal/shorewall6.conf
index 54465dcb4..6f554c8d3 100644
--- a/Shorewall6/Samples6/Universal/shorewall6.conf
+++ b/Shorewall6/Samples6/Universal/shorewall6.conf
@@ -178,8 +178,6 @@ IP_FORWARDING=Keep
KEEP_RT_TABLES=Yes
-LOAD_HELPERS_ONLY=Yes
-
MACLIST_TABLE=filter
MACLIST_TTL=
diff --git a/Shorewall6/Samples6/one-interface/shorewall6.conf b/Shorewall6/Samples6/one-interface/shorewall6.conf
index ab7c30c03..e265c2141 100644
--- a/Shorewall6/Samples6/one-interface/shorewall6.conf
+++ b/Shorewall6/Samples6/one-interface/shorewall6.conf
@@ -179,8 +179,6 @@ IP_FORWARDING=Keep
KEEP_RT_TABLES=Yes
-LOAD_HELPERS_ONLY=Yes
-
MACLIST_TABLE=filter
MACLIST_TTL=
diff --git a/Shorewall6/Samples6/three-interfaces/shorewall6.conf b/Shorewall6/Samples6/three-interfaces/shorewall6.conf
index 55cff13e1..ac539e9f8 100644
--- a/Shorewall6/Samples6/three-interfaces/shorewall6.conf
+++ b/Shorewall6/Samples6/three-interfaces/shorewall6.conf
@@ -178,8 +178,6 @@ IP_FORWARDING=Keep
KEEP_RT_TABLES=Yes
-LOAD_HELPERS_ONLY=Yes
-
MACLIST_TABLE=filter
MACLIST_TTL=
diff --git a/Shorewall6/Samples6/two-interfaces/shorewall6.conf b/Shorewall6/Samples6/two-interfaces/shorewall6.conf
index e4aac1a73..e53bcfb0c 100644
--- a/Shorewall6/Samples6/two-interfaces/shorewall6.conf
+++ b/Shorewall6/Samples6/two-interfaces/shorewall6.conf
@@ -178,8 +178,6 @@ IP_FORWARDING=Keep
KEEP_RT_TABLES=Yes
-LOAD_HELPERS_ONLY=Yes
-
MACLIST_TABLE=filter
MACLIST_TTL=
diff --git a/Shorewall6/configfiles/shorewall6.conf b/Shorewall6/configfiles/shorewall6.conf
index 3da8b3a4a..2197d0c2f 100644
--- a/Shorewall6/configfiles/shorewall6.conf
+++ b/Shorewall6/configfiles/shorewall6.conf
@@ -178,8 +178,6 @@ IP_FORWARDING=Keep
KEEP_RT_TABLES=Yes
-LOAD_HELPERS_ONLY=Yes
-
MACLIST_TABLE=filter
MACLIST_TTL=
diff --git a/Shorewall6/modules b/Shorewall6/modules
deleted file mode 100644
index 19c663abc..000000000
--- a/Shorewall6/modules
+++ /dev/null
@@ -1,39 +0,0 @@
-#
-# Shorewall6 version 5 - Modules File
-#
-# /usr/share/shorewall6/modules
-#
-# This file loads the modules that may be needed by the firewall.
-#
-# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
-# dependency order. i.e., if M2 depends on M1 then you must load M1
-# before you load M2.
-#
-# If you need to modify this file, copy it to /etc/shorewall and modify the
-# copy.
-#
-###############################################################################
-#
-# Essential Modules
-#
-INCLUDE modules.essential
-#
-# Other xtables modules
-#
-INCLUDE modules.xtables
-#
-# Helpers
-#
-INCLUDE helpers
-#
-# Ipset
-#
-INCLUDE modules.ipset
-#
-# Traffic Shaping
-#
-INCLUDE modules.tc
-#
-# Extensions
-#
-INCLUDE modules.extensions
diff --git a/Shorewall6/modules.essential b/Shorewall6/modules.essential
deleted file mode 100644
index 7d3bdfa3d..000000000
--- a/Shorewall6/modules.essential
+++ /dev/null
@@ -1,28 +0,0 @@
-#
-# Shorewall6 -- /usr/share/shorewall6/modules.essential
-#
-# Essential Modules File
-#
-# This file loads the modules that may be needed by the firewall.
-#
-# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
-# dependency order. i.e., if M2 depends on M1 then you must load M1
-# before you load M2.
-#
-# If you need to modify this file, copy it to /etc/shorewall and modify the
-# copy.
-#
-###############################################################################
-loadmodule nfnetlink
-loadmodule x_tables
-loadmodule ip6_tables
-loadmodule ip6table_filter
-loadmodule ip6table_mangle
-loadmodule ip6table_raw
-loadmodule xt_conntrack
-loadmodule nf_conntrack_ipv6
-loadmodule nf_nat
-loadmodule nf_nat_ipv6
-loadmodule xt_state
-loadmodule xt_tcpudp
-loadmodule ip6t_REJECT
diff --git a/Shorewall6/modules.extensions b/Shorewall6/modules.extensions
deleted file mode 100644
index 3c0a539bf..000000000
--- a/Shorewall6/modules.extensions
+++ /dev/null
@@ -1,16 +0,0 @@
-#
-# Shorewall6 -- /usr/share/shorewall6/modules.extension
-#
-# Extensions Modules File
-#
-# This file loads the modules that may be needed by the firewall.
-#
-# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
-# dependency order. i.e., if M2 depends on M1 then you must load M1
-# before you load M2.
-#
-# If you need to modify this file, copy it to /etc/shorewall and modify the
-# copy.
-#
-###############################################################################
-loadmodule ip6_queue
diff --git a/Shorewall6/modules.ipset b/Shorewall6/modules.ipset
deleted file mode 100644
index 682192da5..000000000
--- a/Shorewall6/modules.ipset
+++ /dev/null
@@ -1,27 +0,0 @@
-#
-# Shorewall6 -- /usr/share/shorewall6/modules.ipset
-#
-# IP Set Modules File
-#
-# This file loads the modules that may be needed by the firewall.
-#
-# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
-# dependency order. i.e., if M2 depends on M1 then you must load M1
-# before you load M2.
-#
-# If you need to modify this file, copy it to /etc/shorewall6 and modify the
-# copy.
-#
-###############################################################################
-loadmodule xt_set
-loadmodule ip_set
-loadmodule ip_set_iphash
-loadmodule ip_set_ipmap
-loadmodule ip_set_ipporthash
-loadmodule ip_set_iptree
-loadmodule ip_set_iptreemap
-loadmodule ip_set_macipmap
-loadmodule ip_set_nethash
-loadmodule ip_set_portmap
-loadmodule ipt_SET
-loadmodule ipt_set
diff --git a/Shorewall6/modules.tc b/Shorewall6/modules.tc
deleted file mode 100644
index 39c2f5955..000000000
--- a/Shorewall6/modules.tc
+++ /dev/null
@@ -1,27 +0,0 @@
-#
-# Shorewall6 -- /usr/share/shorewall6/modules.tc
-#
-# Traffic Shaping Modules File
-#
-# This file loads the modules that may be needed by the firewall.
-#
-# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
-# dependency order. i.e., if M2 depends on M1 then you must load M1
-# before you load M2.
-#
-# If you need to modify this file, copy it to /etc/shorewall and modify the
-# copy.
-#
-###############################################################################
-loadmodule sch_sfq
-loadmodule sch_ingress
-loadmodule sch_htb
-loadmodule sch_hfsc
-loadmodule sch_prio
-loadmodule sch_tbf
-loadmodule sch_fq_codel
-loadmodule cls_u32
-loadmodule cls_fw
-loadmodule cls_flow
-loadmodule cls_basic
-loadmodule act_police
diff --git a/Shorewall6/modules.xtables b/Shorewall6/modules.xtables
deleted file mode 100644
index 4c68a9342..000000000
--- a/Shorewall6/modules.xtables
+++ /dev/null
@@ -1,51 +0,0 @@
-#
-# Shorewall6 -- /usr/share/shorewall6/modules.xtables
-#
-# Xtables Modules File
-#
-# This file loads the modules that may be needed by the firewall.
-#
-# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
-# dependency order. i.e., if M2 depends on M1 then you must load M1
-# before you load M2.
-#
-# If you need to modify this file, copy it to /etc/shorewall and modify the
-# copy.
-#
-###############################################################################
-loadmodule xt_AUDIT
-loadmodule xt_CLASSIFY
-loadmodule xt_connmark
-loadmodule xt_CONNMARK
-loadmodule xt_conntrack
-loadmodule xt_dccp
-loadmodule xt_dscp
-loadmodule xt_DSCP
-loadmodule xt_hashlimit
-loadmodule xt_helper
-loadmodule xt_iprange
-loadmodule xt_length
-loadmodule xt_limit
-loadmodule xt_mac
-loadmodule xt_mark
-loadmodule xt_MARK
-loadmodule xt_multiport
-loadmodule xt_NFQUEUE
-loadmodule xt_owner
-loadmodule xt_physdev
-loadmodule xt_pkttype
-loadmodule xt_policy
-loadmodule xt_sctp
-loadmodule xt_tcpmss
-loadmodule xt_TCPMSS
-loadmodule xt_time
-loadmodule xt_IPMARK
-loadmodule xt_TPROXY
-#
-# From xtables-addons
-#
-loadmodule xt_condition
-loadmodule xt_geoip
-loadmodule xt_ipp2p
-loadmodule xt_LOGMARK
-loadmodule xt_RAWNAT
diff --git a/docs/Shorewall-Lite.xml b/docs/Shorewall-Lite.xml
index e2f30eef1..19dd980ef 100644
--- a/docs/Shorewall-Lite.xml
+++ b/docs/Shorewall-Lite.xml
@@ -386,6 +386,10 @@
modules or helpers file
found on the CONFIG_PATH on the Administrative System during
compilation will be used.
+
+ In Shorewall 5.2.3, the LOAD_HELPERS_ONLY option was removed and
+ the behavior is that which was formerly obtained by setting
+ LOAD_HELPERS_ONLY=Yes.
diff --git a/docs/standalone.xml b/docs/standalone.xml
index 234527e2e..37ccaff80 100644
--- a/docs/standalone.xml
+++ b/docs/standalone.xml
@@ -486,6 +486,11 @@ root@lists:~#
/usr/share/shorewall/modules. That file does not set
sip_direct_media=0.
+
+ In Shorewall 5.2.3, the LOAD_HELPERS_ONLY option was removed and
+ the behavior is the same as if LOAD_HELPERS_ONLY=Yes.
+
+
If you need to modify either
/usr/share/shorewall/helpers or
/usr/share/shorewall/modules then copy the file to
diff --git a/docs/three-interface.xml b/docs/three-interface.xml
index 65d283bd9..ef2c097c5 100644
--- a/docs/three-interface.xml
+++ b/docs/three-interface.xml
@@ -799,6 +799,12 @@ root@lists:~#
Modify the setting of LOAD_HELPER_ONLY as necessary.
+
+
+ In Shorewall 5.2.3, the LOAD_HELPERS_ONLY option was removed, and
+ the behavior is the same as if LOAD_HELPERS_ONLY=Yes was
+ specified.
+
diff --git a/docs/two-interface.xml b/docs/two-interface.xml
index 11086bf26..72cdc0da2 100644
--- a/docs/two-interface.xml
+++ b/docs/two-interface.xml
@@ -751,6 +751,12 @@ root@lists:~#
Modify the setting of LOAD_HELPER_ONLY as necessary.
+
+
+ In Shorewall 5.2.3, the LOAD_HELPERS_ONLY option was removed, and
+ the behavior is the same as if LOAD_HELPERS_ONLY=Yes was
+ specified.
+