mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-29 02:54:18 +01:00
Remove LOAD_HELPERS_ONLY
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
0982fec513
commit
8f42a6a72b
@ -411,7 +411,7 @@ load_kernel_modules() # $1 = Yes, if we are to save moduleinfo in $VARDIR
|
|||||||
[ -d $directory ] && moduledirectories="$moduledirectories $directory"
|
[ -d $directory ] && moduledirectories="$moduledirectories $directory"
|
||||||
done
|
done
|
||||||
|
|
||||||
[ -n "$LOAD_HELPERS_ONLY" ] && modules=$(find_file helpers) || modules=$(find_file modules)
|
modules=$(find_file helpers)
|
||||||
|
|
||||||
if [ -f $modules -a -n "$moduledirectories" ]; then
|
if [ -f $modules -a -n "$moduledirectories" ]; then
|
||||||
[ -d /sys/module/ ] || MODULES=$(lsmod | cut -d ' ' -f1)
|
[ -d /sys/module/ ] || MODULES=$(lsmod | cut -d ' ' -f1)
|
||||||
|
@ -426,6 +426,11 @@ echo "Capability file builder installed in ${DESTDIR}${LIBEXECDIR}/$PRODUCT/shor
|
|||||||
if [ -f modules ]; then
|
if [ -f modules ]; then
|
||||||
install_file modules ${DESTDIR}${SHAREDIR}/$PRODUCT/modules 0600
|
install_file modules ${DESTDIR}${SHAREDIR}/$PRODUCT/modules 0600
|
||||||
echo "Modules file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/modules"
|
echo "Modules file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/modules"
|
||||||
|
|
||||||
|
for f in modules.*; do
|
||||||
|
install_file $f ${DESTDIR}${SHAREDIR}/$PRODUCT/$f 0644
|
||||||
|
echo "Module file $f installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/$f"
|
||||||
|
done
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -f helpers ]; then
|
if [ -f helpers ]; then
|
||||||
@ -433,11 +438,6 @@ if [ -f helpers ]; then
|
|||||||
echo "Helper modules file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/helpers"
|
echo "Helper modules file installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/helpers"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
for f in modules.*; do
|
|
||||||
install_file $f ${DESTDIR}${SHAREDIR}/$PRODUCT/$f 0644
|
|
||||||
echo "Module file $f installed as ${DESTDIR}${SHAREDIR}/$PRODUCT/$f"
|
|
||||||
done
|
|
||||||
|
|
||||||
#
|
#
|
||||||
# Install the Man Pages
|
# Install the Man Pages
|
||||||
#
|
#
|
||||||
|
@ -384,7 +384,7 @@ sub generate_script_3() {
|
|||||||
save_progress_message 'Initializing...';
|
save_progress_message 'Initializing...';
|
||||||
|
|
||||||
if ( $export || $config{EXPORTMODULES} ) {
|
if ( $export || $config{EXPORTMODULES} ) {
|
||||||
my $fn = find_file( $config{LOAD_HELPERS_ONLY} ? 'helpers' : 'modules' );
|
my $fn = find_file( 'helpers' );
|
||||||
|
|
||||||
if ( -f $fn && ( $config{EXPORTMODULES} || ( $export && ! $fn =~ "^$globals{SHAREDIR}/" ) ) ) {
|
if ( -f $fn && ( $config{EXPORTMODULES} || ( $export && ! $fn =~ "^$globals{SHAREDIR}/" ) ) ) {
|
||||||
emit 'echo MODULESDIR=\"$MODULESDIR\" > ${VARDIR}/.modulesdir';
|
emit 'echo MODULESDIR=\"$MODULESDIR\" > ${VARDIR}/.modulesdir';
|
||||||
|
@ -396,7 +396,7 @@ our %renamed = ( AUTO_COMMENT => 'AUTOCOMMENT', BLACKLIST_LOGLEVEL => 'BLACKLIST
|
|||||||
#
|
#
|
||||||
# Config options and global settings that are to be copied to output script
|
# Config options and global settings that are to be copied to output script
|
||||||
#
|
#
|
||||||
our @propagateconfig = qw/ DISABLE_IPV6 MODULESDIR LOAD_HELPERS_ONLY LOCKFILE SUBSYSLOCK LOG_VERBOSITY RESTART/;
|
our @propagateconfig = qw/ DISABLE_IPV6 MODULESDIR LOCKFILE SUBSYSLOCK LOG_VERBOSITY RESTART/;
|
||||||
#
|
#
|
||||||
# From parsing the capabilities file or detecting capabilities
|
# From parsing the capabilities file or detecting capabilities
|
||||||
#
|
#
|
||||||
@ -732,18 +732,19 @@ our %converted = (
|
|||||||
#
|
#
|
||||||
# Eliminated options
|
# Eliminated options
|
||||||
#
|
#
|
||||||
our %eliminated = ( LOGRATE => 1,
|
our %eliminated = ( LOGRATE => 1,
|
||||||
LOGBURST => 1,
|
LOGBURST => 1,
|
||||||
EXPORTPARAMS => 1,
|
EXPORTPARAMS => 1,
|
||||||
LEGACY_FASTSTART => 1,
|
LEGACY_FASTSTART => 1,
|
||||||
IPSECFILE => 1,
|
IPSECFILE => 1,
|
||||||
WIDE_TC_MARKS => 1,
|
WIDE_TC_MARKS => 1,
|
||||||
HIGH_ROUTE_MARKS => 1,
|
HIGH_ROUTE_MARKS => 1,
|
||||||
BLACKLISTNEWONLY => 1,
|
BLACKLISTNEWONLY => 1,
|
||||||
CHAIN_SCRIPTS => 1,
|
CHAIN_SCRIPTS => 1,
|
||||||
MODULE_SUFFIX => 1,
|
MODULE_SUFFIX => 1,
|
||||||
MAPOLDACTIONS => 1,
|
MAPOLDACTIONS => 1,
|
||||||
INLINE_MATCHES => 1,
|
INLINE_MATCHES => 1,
|
||||||
|
LOAD_HELPERS_ONLY => 1,
|
||||||
);
|
);
|
||||||
#
|
#
|
||||||
# Variables involved in ?IF, ?ELSE ?ENDIF processing
|
# Variables involved in ?IF, ?ELSE ?ENDIF processing
|
||||||
@ -981,7 +982,6 @@ sub initialize( $;$$$) {
|
|||||||
OPTIMIZE_ACCOUNTING => undef,
|
OPTIMIZE_ACCOUNTING => undef,
|
||||||
ACCOUNTING_TABLE => undef,
|
ACCOUNTING_TABLE => undef,
|
||||||
DYNAMIC_BLACKLIST => undef,
|
DYNAMIC_BLACKLIST => undef,
|
||||||
LOAD_HELPERS_ONLY => undef,
|
|
||||||
REQUIRE_INTERFACE => undef,
|
REQUIRE_INTERFACE => undef,
|
||||||
FORWARD_CLEAR_MARK => undef,
|
FORWARD_CLEAR_MARK => undef,
|
||||||
COMPLETE => undef,
|
COMPLETE => undef,
|
||||||
@ -4453,7 +4453,7 @@ sub load_kernel_modules( ) {
|
|||||||
push @moduledirectories, $_ if -d $_;
|
push @moduledirectories, $_ if -d $_;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( $moduleloader && @moduledirectories && open_file( $config{LOAD_HELPERS_ONLY} ? 'helpers' : 'modules' ) ) {
|
if ( $moduleloader && @moduledirectories && open_file( 'helpers' ) ) {
|
||||||
my %loadedmodules;
|
my %loadedmodules;
|
||||||
|
|
||||||
$loadedmodules{$_}++ for split_list( $config{DONT_LOAD}, 'module' );
|
$loadedmodules{$_}++ for split_list( $config{DONT_LOAD}, 'module' );
|
||||||
@ -5252,111 +5252,6 @@ sub determine_capabilities() {
|
|||||||
qt1( "$iptables $iptablesw -A $sillyname -m state --state ESTABLISHED,RELATED -j ACCEPT");;
|
qt1( "$iptables $iptablesw -A $sillyname -m state --state ESTABLISHED,RELATED -j ACCEPT");;
|
||||||
|
|
||||||
$globals{KLUDGEFREE} = $capabilities{KLUDGEFREE} = detect_capability 'KLUDGEFREE';
|
$globals{KLUDGEFREE} = $capabilities{KLUDGEFREE} = detect_capability 'KLUDGEFREE';
|
||||||
|
|
||||||
unless ( $config{ LOAD_HELPERS_ONLY } ) {
|
|
||||||
#
|
|
||||||
# Using 'detect_capability()' is a bit less efficient than calling the individual detection
|
|
||||||
# functions but it ensures that %detect_capability is initialized properly.
|
|
||||||
#
|
|
||||||
$capabilities{NAT_ENABLED} = detect_capability( 'NAT_ENABLED' );
|
|
||||||
$capabilities{PERSISTENT_SNAT} = detect_capability( 'PERSISTENT_SNAT' );
|
|
||||||
$capabilities{NAT_INPUT_CHAIN} = detect_capability( 'NAT_INPUT_CHAIN' );
|
|
||||||
$capabilities{MANGLE_ENABLED} = detect_capability( 'MANGLE_ENABLED' );
|
|
||||||
|
|
||||||
if ( $capabilities{CONNTRACK_MATCH} = detect_capability( 'CONNTRACK_MATCH' ) ) {
|
|
||||||
$capabilities{NEW_CONNTRACK_MATCH} = detect_capability( 'NEW_CONNTRACK_MATCH' );
|
|
||||||
$capabilities{OLD_CONNTRACK_MATCH} = detect_capability( 'OLD_CONNTRACK_MATCH' );
|
|
||||||
} else {
|
|
||||||
$capabilities{NEW_CONNTRACK_MATCH} = '';
|
|
||||||
$capabilities{OLD_CONNTRACK_MATCH} = '';
|
|
||||||
}
|
|
||||||
|
|
||||||
$capabilities{ MULTIPORT } = detect_capability( 'MULTIPORT' );
|
|
||||||
$capabilities{XMULTIPORT} = detect_capability( 'XMULTIPORT' );
|
|
||||||
$capabilities{EMULTIPORT} = detect_capability( 'EMULTIPORT' );
|
|
||||||
$capabilities{POLICY_MATCH} = detect_capability( 'POLICY_MATCH' );
|
|
||||||
|
|
||||||
if ( $capabilities{PHYSDEV_MATCH} = detect_capability( 'PHYSDEV_MATCH' ) ) {
|
|
||||||
$capabilities{PHYSDEV_BRIDGE} = detect_capability( 'PHYSDEV_BRIDGE' );
|
|
||||||
} else {
|
|
||||||
$capabilities{PHYSDEV_BRIDGE} = '';
|
|
||||||
}
|
|
||||||
|
|
||||||
$capabilities{IPRANGE_MATCH} = detect_capability( 'IPRANGE_MATCH' );
|
|
||||||
$capabilities{RECENT_MATCH} = detect_capability( 'RECENT_MATCH' );
|
|
||||||
$capabilities{REAP_OPTION} = detect_capability( 'REAP_OPTION' );
|
|
||||||
$capabilities{OWNER_MATCH} = detect_capability( 'OWNER_MATCH' );
|
|
||||||
$capabilities{OWNER_NAME_MATCH}
|
|
||||||
= detect_capability( 'OWNER_NAME_MATCH' );
|
|
||||||
$capabilities{CONNMARK_MATCH} = detect_capability( 'CONNMARK_MATCH' );
|
|
||||||
$capabilities{XCONNMARK_MATCH} = detect_capability( 'XCONNMARK_MATCH' );
|
|
||||||
$capabilities{IPP2P_MATCH} = detect_capability( 'IPP2P_MATCH' );
|
|
||||||
$capabilities{OLD_IPP2P_MATCH} = detect_capability( 'OLD_IPP2P_MATCH' );
|
|
||||||
$capabilities{LENGTH_MATCH} = detect_capability( 'LENGTH_MATCH' );
|
|
||||||
$capabilities{ENHANCED_REJECT} = detect_capability( 'ENHANCED_REJECT' );
|
|
||||||
$capabilities{COMMENTS} = detect_capability( 'COMMENTS' );
|
|
||||||
$capabilities{OLD_HL_MATCH} = detect_capability( 'OLD_HL_MATCH' );
|
|
||||||
$capabilities{HASHLIMIT_MATCH} = detect_capability( 'HASHLIMIT_MATCH' );
|
|
||||||
$capabilities{MARK} = detect_capability( 'MARK' );
|
|
||||||
$capabilities{XMARK} = detect_capability( 'XMARK' );
|
|
||||||
$capabilities{EXMARK} = detect_capability( 'EXMARK' );
|
|
||||||
$capabilities{CONNMARK} = detect_capability( 'CONNMARK' );
|
|
||||||
$capabilities{XCONNMARK} = detect_capability( 'XCONNMARK' );
|
|
||||||
$capabilities{CLASSIFY_TARGET} = detect_capability( 'CLASSIFY_TARGET' );
|
|
||||||
$capabilities{IPMARK_TARGET} = detect_capability( 'IPMARK_TARGET' );
|
|
||||||
$capabilities{TPROXY_TARGET} = detect_capability( 'TPROXY_TARGET' );
|
|
||||||
$capabilities{MANGLE_FORWARD} = detect_capability( 'MANGLE_FORWARD' );
|
|
||||||
$capabilities{RAW_TABLE} = detect_capability( 'RAW_TABLE' );
|
|
||||||
$capabilities{IPSET_MATCH} = detect_capability( 'IPSET_MATCH' );
|
|
||||||
$capabilities{ADDRTYPE} = detect_capability( 'ADDRTYPE' );
|
|
||||||
$capabilities{TCPMSS_MATCH} = detect_capability( 'TCPMSS_MATCH' );
|
|
||||||
$capabilities{NFQUEUE_TARGET} = detect_capability( 'NFQUEUE_TARGET' );
|
|
||||||
$capabilities{REALM_MATCH} = detect_capability( 'REALM_MATCH' );
|
|
||||||
$capabilities{CONNLIMIT_MATCH} = detect_capability( 'CONNLIMIT_MATCH' );
|
|
||||||
$capabilities{TIME_MATCH} = detect_capability( 'TIME_MATCH' );
|
|
||||||
$capabilities{GOTO_TARGET} = detect_capability( 'GOTO_TARGET' );
|
|
||||||
$capabilities{LOG_TARGET} = detect_capability( 'LOG_TARGET' );
|
|
||||||
$capabilities{ULOG_TARGET} = detect_capability( 'ULOG_TARGET' );
|
|
||||||
$capabilities{NFLOG_TARGET} = detect_capability( 'NFLOG_TARGET' );
|
|
||||||
$capabilities{LOGMARK_TARGET} = detect_capability( 'LOGMARK_TARGET' );
|
|
||||||
$capabilities{FLOW_FILTER} = detect_capability( 'FLOW_FILTER' );
|
|
||||||
$capabilities{FWMARK_RT_MASK} = detect_capability( 'FWMARK_RT_MASK' );
|
|
||||||
$capabilities{MARK_ANYWHERE} = detect_capability( 'MARK_ANYWHERE' );
|
|
||||||
$capabilities{ACCOUNT_TARGET} = detect_capability( 'ACCOUNT_TARGET' );
|
|
||||||
$capabilities{HEADER_MATCH} = detect_capability( 'HEADER_MATCH' );
|
|
||||||
$capabilities{AUDIT_TARGET} = detect_capability( 'AUDIT_TARGET' );
|
|
||||||
$capabilities{IPSET_V5} = detect_capability( 'IPSET_V5' );
|
|
||||||
$capabilities{CONDITION_MATCH} = detect_capability( 'CONDITION_MATCH' );
|
|
||||||
$capabilities{IPTABLES_S} = detect_capability( 'IPTABLES_S' );
|
|
||||||
$capabilities{BASIC_FILTER} = detect_capability( 'BASIC_FILTER' );
|
|
||||||
$capabilities{BASIC_EMATCH} = detect_capability( 'BASIC_EMATCH' );
|
|
||||||
$capabilities{CT_TARGET} = detect_capability( 'CT_TARGET' );
|
|
||||||
$capabilities{STATISTIC_MATCH} = detect_capability( 'STATISTIC_MATCH' );
|
|
||||||
$capabilities{IMQ_TARGET} = detect_capability( 'IMQ_TARGET' );
|
|
||||||
$capabilities{DSCP_MATCH} = detect_capability( 'DSCP_MATCH' );
|
|
||||||
$capabilities{DSCP_TARGET} = detect_capability( 'DSCP_TARGET' );
|
|
||||||
$capabilities{GEOIP_MATCH} = detect_capability( 'GEOIP_MATCH' );
|
|
||||||
$capabilities{RPFILTER_MATCH} = detect_capability( 'RPFILTER_MATCH' );
|
|
||||||
$capabilities{NFACCT_MATCH} = detect_capability( 'NFACCT_MATCH' );
|
|
||||||
$capabilities{CHECKSUM_TARGET} = detect_capability( 'CHECKSUM_TARGET' );
|
|
||||||
$capabilities{ARPTABLESJF} = detect_capability( 'ARPTABLESJF' );
|
|
||||||
$capabilities{MASQUERADE_TGT} = detect_capability( 'MASQUERADE_TGT' );
|
|
||||||
$capabilities{UDPLITEREDIRECT} = detect_capability( 'UDPLITEREDIRECT' );
|
|
||||||
$capabilities{NEW_TOS_MATCH} = detect_capability( 'NEW_TOS_MATCH' );
|
|
||||||
$capabilities{TARPIT_TARGET} = detect_capability( 'TARPIT_TARGET' );
|
|
||||||
$capabilities{IFACE_MATCH} = detect_capability( 'IFACE_MATCH' );
|
|
||||||
$capabilities{TCPMSS_TARGET} = detect_capability( 'TCPMSS_TARGET' );
|
|
||||||
$capabilities{CPU_FANOUT} = detect_capability( 'CPU_FANOUT' );
|
|
||||||
$capabilities{NETMAP_TARGET} = detect_capability( 'NETMAP_TARGET' );
|
|
||||||
$capabilities{NFLOG_SIZE} = detect_capability( 'NFLOG_SIZE' );
|
|
||||||
$capabilities{RESTORE_WAIT_OPTION}
|
|
||||||
= detect_capability( 'RESTORE_WAIT_OPTION' );
|
|
||||||
|
|
||||||
unless ( have_capability 'CT_TARGET' ) {
|
|
||||||
$capabilities{HELPER_MATCH} = detect_capability 'HELPER_MATCH';
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
@ -6350,11 +6245,6 @@ sub get_configuration( $$$ ) {
|
|||||||
|
|
||||||
unshift @INC, @config_path;
|
unshift @INC, @config_path;
|
||||||
|
|
||||||
#
|
|
||||||
# get_capabilities requires that the true settings of these options be established
|
|
||||||
#
|
|
||||||
default_yes_no 'LOAD_HELPERS_ONLY' , 'Yes';
|
|
||||||
|
|
||||||
if ( ! $export && $> == 0 ) {
|
if ( ! $export && $> == 0 ) {
|
||||||
get_capabilities($have_capabilities);
|
get_capabilities($have_capabilities);
|
||||||
}
|
}
|
||||||
@ -6407,8 +6297,6 @@ sub get_configuration( $$$ ) {
|
|||||||
$capabilities{$_} = 0 for grep /_HELPER/ , keys %capabilities;
|
$capabilities{$_} = 0 for grep /_HELPER/ , keys %capabilities;
|
||||||
}
|
}
|
||||||
|
|
||||||
report_capabilities unless $config{LOAD_HELPERS_ONLY};
|
|
||||||
|
|
||||||
#
|
#
|
||||||
# Now initialize the used capabilities hash
|
# Now initialize the used capabilities hash
|
||||||
#
|
#
|
||||||
@ -7146,8 +7034,6 @@ sub get_configuration( $$$ ) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
convert_to_version_5_2 if $update;
|
convert_to_version_5_2 if $update;
|
||||||
|
|
||||||
cleanup_iptables if $sillyname && ! $config{LOAD_HELPERS_ONLY};
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
|
@ -191,8 +191,6 @@ IP_FORWARDING=On
|
|||||||
|
|
||||||
KEEP_RT_TABLES=No
|
KEEP_RT_TABLES=No
|
||||||
|
|
||||||
LOAD_HELPERS_ONLY=Yes
|
|
||||||
|
|
||||||
MACLIST_TABLE=filter
|
MACLIST_TABLE=filter
|
||||||
|
|
||||||
MACLIST_TTL=
|
MACLIST_TTL=
|
||||||
|
@ -202,8 +202,6 @@ IP_FORWARDING=Off
|
|||||||
|
|
||||||
KEEP_RT_TABLES=No
|
KEEP_RT_TABLES=No
|
||||||
|
|
||||||
LOAD_HELPERS_ONLY=Yes
|
|
||||||
|
|
||||||
MACLIST_TABLE=filter
|
MACLIST_TABLE=filter
|
||||||
|
|
||||||
MACLIST_TTL=
|
MACLIST_TTL=
|
||||||
|
@ -199,8 +199,6 @@ IP_FORWARDING=On
|
|||||||
|
|
||||||
KEEP_RT_TABLES=No
|
KEEP_RT_TABLES=No
|
||||||
|
|
||||||
LOAD_HELPERS_ONLY=Yes
|
|
||||||
|
|
||||||
MACLIST_TABLE=filter
|
MACLIST_TABLE=filter
|
||||||
|
|
||||||
MACLIST_TTL=
|
MACLIST_TTL=
|
||||||
|
@ -202,8 +202,6 @@ IP_FORWARDING=On
|
|||||||
|
|
||||||
KEEP_RT_TABLES=No
|
KEEP_RT_TABLES=No
|
||||||
|
|
||||||
LOAD_HELPERS_ONLY=Yes
|
|
||||||
|
|
||||||
MACLIST_TABLE=filter
|
MACLIST_TABLE=filter
|
||||||
|
|
||||||
MACLIST_TTL=
|
MACLIST_TTL=
|
||||||
|
@ -191,8 +191,6 @@ IP_FORWARDING=Keep
|
|||||||
|
|
||||||
KEEP_RT_TABLES=No
|
KEEP_RT_TABLES=No
|
||||||
|
|
||||||
LOAD_HELPERS_ONLY=Yes
|
|
||||||
|
|
||||||
MACLIST_TABLE=filter
|
MACLIST_TABLE=filter
|
||||||
|
|
||||||
MACLIST_TTL=
|
MACLIST_TTL=
|
||||||
|
@ -466,17 +466,6 @@ if [ -z "$first_install" ]; then
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
#
|
|
||||||
# Install the Modules file
|
|
||||||
#
|
|
||||||
run_install $OWNERSHIP -m 0644 modules ${DESTDIR}${SHAREDIR}/${PRODUCT}/modules
|
|
||||||
echo "Modules file installed as ${DESTDIR}${SHAREDIR}/${PRODUCT}/modules"
|
|
||||||
|
|
||||||
for f in modules.*; do
|
|
||||||
run_install $OWNERSHIP -m 0644 $f ${DESTDIR}${SHAREDIR}/${PRODUCT}/$f
|
|
||||||
echo "Modules file $f installed as ${DESTDIR}${SHAREDIR}/${PRODUCT}/$f"
|
|
||||||
done
|
|
||||||
|
|
||||||
#
|
#
|
||||||
# Install the Module Helpers file
|
# Install the Module Helpers file
|
||||||
#
|
#
|
||||||
|
@ -300,19 +300,6 @@ get_config() {
|
|||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
case $LOAD_HELPERS_ONLY in
|
|
||||||
Yes|yes)
|
|
||||||
;;
|
|
||||||
No|no)
|
|
||||||
LOAD_HELPERS_ONLY=
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
if [ -n "$LOAD_HELPERS_ONLY" ]; then
|
|
||||||
fatal_error "Invalid LOAD_HELPERS_ONLY setting ($LOAD_HELPERS_ONLY)"
|
|
||||||
fi
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
if [ -n "$WORKAROUNDS" ]; then
|
if [ -n "$WORKAROUNDS" ]; then
|
||||||
case $WORKAROUNDS in
|
case $WORKAROUNDS in
|
||||||
[Yy]es)
|
[Yy]es)
|
||||||
|
@ -38,6 +38,12 @@
|
|||||||
<filename>helpers</filename> file is used when
|
<filename>helpers</filename> file is used when
|
||||||
LOAD_HELPERS_ONLY=Yes</para>
|
LOAD_HELPERS_ONLY=Yes</para>
|
||||||
|
|
||||||
|
<important>
|
||||||
|
<para>Beginning with Shorewall 5.2.3, the LOAD_HELPERS_ONLY option has
|
||||||
|
been removed and the behavior is the same as if LOAD_HELPERS_ONLY=Yes
|
||||||
|
was specified.</para>
|
||||||
|
</important>
|
||||||
|
|
||||||
<para>Each record in the files has the following format:</para>
|
<para>Each record in the files has the following format:</para>
|
||||||
|
|
||||||
<cmdsynopsis>
|
<cmdsynopsis>
|
||||||
|
@ -1382,7 +1382,10 @@ net all DROP info</programlisting>then the chain name is 'net-all'
|
|||||||
of modules loaded by shorewall to those listed in
|
of modules loaded by shorewall to those listed in
|
||||||
<filename>/var/lib/shorewall[6]/helpers</filename> and those that
|
<filename>/var/lib/shorewall[6]/helpers</filename> and those that
|
||||||
are actually used. When not set, or set to the empty value,
|
are actually used. When not set, or set to the empty value,
|
||||||
LOAD_HELPERS_ONLY=No is assumed.</para>
|
LOAD_HELPERS_ONLY=No is assumed in Shorewall versions 5.2.2 and
|
||||||
|
earlier. Beginning with Shorewall 5.2.3, the LOAD_HELPERS_ONLY
|
||||||
|
option is removed, and the behavior is as if LOAD_HELPERS_ONLY=Yes
|
||||||
|
had been specified.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
@ -1,39 +0,0 @@
|
|||||||
#
|
|
||||||
# Shorewall version 5 - Modules File
|
|
||||||
#
|
|
||||||
# /usr/share/shorewall/modules
|
|
||||||
#
|
|
||||||
# This file loads the modules that may be needed by the firewall.
|
|
||||||
#
|
|
||||||
# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
|
|
||||||
# dependency order. i.e., if M2 depends on M1 then you must load M1
|
|
||||||
# before you load M2.
|
|
||||||
#
|
|
||||||
# If you need to modify this file, copy it to /etc/shorewall and modify the
|
|
||||||
# copy.
|
|
||||||
#
|
|
||||||
###############################################################################
|
|
||||||
#
|
|
||||||
# Essential Modules
|
|
||||||
#
|
|
||||||
INCLUDE modules.essential
|
|
||||||
#
|
|
||||||
# Other xtables modules
|
|
||||||
#
|
|
||||||
INCLUDE modules.xtables
|
|
||||||
#
|
|
||||||
# Helpers
|
|
||||||
#
|
|
||||||
INCLUDE helpers
|
|
||||||
#
|
|
||||||
# Ipset
|
|
||||||
#
|
|
||||||
INCLUDE modules.ipset
|
|
||||||
#
|
|
||||||
# Traffic Shaping
|
|
||||||
#
|
|
||||||
INCLUDE modules.tc
|
|
||||||
#
|
|
||||||
# Extensions
|
|
||||||
#
|
|
||||||
INCLUDE modules.extensions
|
|
@ -1,32 +0,0 @@
|
|||||||
#
|
|
||||||
# Shorewall -- /usr/share/shorewall/modules.essential
|
|
||||||
#
|
|
||||||
# Essential Modules File
|
|
||||||
#
|
|
||||||
# This file loads the modules that may be needed by the firewall.
|
|
||||||
#
|
|
||||||
# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
|
|
||||||
# dependency order. i.e., if M2 depends on M1 then you must load M1
|
|
||||||
# before you load M2.
|
|
||||||
#
|
|
||||||
# If you need to modify this file, copy it to /etc/shorewall and modify the
|
|
||||||
# copy.
|
|
||||||
#
|
|
||||||
###############################################################################
|
|
||||||
#
|
|
||||||
# Essential Modules
|
|
||||||
#
|
|
||||||
loadmodule nfnetlink
|
|
||||||
loadmodule x_tables
|
|
||||||
loadmodule ip_tables
|
|
||||||
loadmodule iptable_filter
|
|
||||||
loadmodule iptable_mangle
|
|
||||||
loadmodule ip_conntrack
|
|
||||||
loadmodule nf_conntrack
|
|
||||||
loadmodule nf_conntrack_ipv4
|
|
||||||
loadmodule iptable_nat
|
|
||||||
loadmodule nf_nat
|
|
||||||
loadmodule nf_nat_ipv4
|
|
||||||
loadmodule iptable_raw
|
|
||||||
loadmodule xt_state
|
|
||||||
loadmodule xt_tcpudp
|
|
@ -1,59 +0,0 @@
|
|||||||
#
|
|
||||||
# Shorewall -- /usr/share/shorewall/modules.extensions
|
|
||||||
#
|
|
||||||
# Extensions Modules File
|
|
||||||
#
|
|
||||||
# This file loads the modules that may be needed by the firewall.
|
|
||||||
#
|
|
||||||
# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
|
|
||||||
# dependency order. i.e., if M2 depends on M1 then you must load M1
|
|
||||||
# before you load M2.
|
|
||||||
#
|
|
||||||
# If you need to modify this file, copy it to /etc/shorewall and modify the
|
|
||||||
# copy.
|
|
||||||
#
|
|
||||||
###############################################################################
|
|
||||||
loadmodule ipt_addrtype
|
|
||||||
loadmodule ipt_ah
|
|
||||||
loadmodule ipt_CLASSIFY
|
|
||||||
loadmodule ipt_CLUSTERIP
|
|
||||||
loadmodule ipt_comment
|
|
||||||
loadmodule ipt_connmark
|
|
||||||
loadmodule ipt_CONNMARK
|
|
||||||
loadmodule ipt_conntrack
|
|
||||||
loadmodule ipt_dscp
|
|
||||||
loadmodule ipt_DSCP
|
|
||||||
loadmodule ipt_ecn
|
|
||||||
loadmodule ipt_ECN
|
|
||||||
loadmodule ipt_esp
|
|
||||||
loadmodule ipt_hashlimit
|
|
||||||
loadmodule ipt_helper
|
|
||||||
loadmodule ipt_ipp2p
|
|
||||||
loadmodule ipt_iprange
|
|
||||||
loadmodule ipt_length
|
|
||||||
loadmodule ipt_limit
|
|
||||||
loadmodule ipt_mac
|
|
||||||
loadmodule ipt_mark
|
|
||||||
loadmodule ipt_MARK
|
|
||||||
loadmodule ipt_MASQUERADE
|
|
||||||
loadmodule ipt_multiport
|
|
||||||
loadmodule ipt_NETMAP
|
|
||||||
loadmodule ipt_NOTRACK
|
|
||||||
loadmodule ipt_owner
|
|
||||||
loadmodule ipt_physdev
|
|
||||||
loadmodule ipt_pkttype
|
|
||||||
loadmodule ipt_policy
|
|
||||||
loadmodule ipt_realm
|
|
||||||
loadmodule ipt_recent
|
|
||||||
loadmodule ipt_REDIRECT
|
|
||||||
loadmodule ipt_REJECT
|
|
||||||
loadmodule ipt_SAME
|
|
||||||
loadmodule ipt_sctp
|
|
||||||
loadmodule ipt_set
|
|
||||||
loadmodule ipt_state
|
|
||||||
loadmodule ipt_tcpmss
|
|
||||||
loadmodule ipt_TCPMSS
|
|
||||||
loadmodule ipt_tos
|
|
||||||
loadmodule ipt_TOS
|
|
||||||
loadmodule ipt_ttl
|
|
||||||
loadmodule ipt_TTL
|
|
@ -1,27 +0,0 @@
|
|||||||
#
|
|
||||||
# Shorewall -- /usr/share/shorewall/modules.ipset
|
|
||||||
#
|
|
||||||
# IP Set Modules File
|
|
||||||
#
|
|
||||||
# This file loads the modules that may be needed by the firewall.
|
|
||||||
#
|
|
||||||
# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
|
|
||||||
# dependency order. i.e., if M2 depends on M1 then you must load M1
|
|
||||||
# before you load M2.
|
|
||||||
#
|
|
||||||
# If you need to modify this file, copy it to /etc/shorewall and modify the
|
|
||||||
# copy.
|
|
||||||
#
|
|
||||||
###############################################################################
|
|
||||||
loadmodule xt_set
|
|
||||||
loadmodule ip_set
|
|
||||||
loadmodule ip_set_iphash
|
|
||||||
loadmodule ip_set_ipmap
|
|
||||||
loadmodule ip_set_ipporthash
|
|
||||||
loadmodule ip_set_iptree
|
|
||||||
loadmodule ip_set_iptreemap
|
|
||||||
loadmodule ip_set_macipmap
|
|
||||||
loadmodule ip_set_nethash
|
|
||||||
loadmodule ip_set_portmap
|
|
||||||
loadmodule ipt_SET
|
|
||||||
loadmodule ipt_set
|
|
@ -1,27 +0,0 @@
|
|||||||
#
|
|
||||||
# Shorewall -- /usr/share/shorewall/modules.tc
|
|
||||||
#
|
|
||||||
# Traffic Shaping Modules File
|
|
||||||
#
|
|
||||||
# This file loads the modules that may be needed by the firewall.
|
|
||||||
#
|
|
||||||
# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
|
|
||||||
# dependency order. i.e., if M2 depends on M1 then you must load M1
|
|
||||||
# before you load M2.
|
|
||||||
#
|
|
||||||
# If you need to modify this file, copy it to /etc/shorewall and modify the
|
|
||||||
# copy.
|
|
||||||
#
|
|
||||||
###############################################################################
|
|
||||||
loadmodule sch_sfq
|
|
||||||
loadmodule sch_ingress
|
|
||||||
loadmodule sch_hfsc
|
|
||||||
loadmodule sch_htb
|
|
||||||
loadmodule sch_prio
|
|
||||||
loadmodule sch_tbf
|
|
||||||
loadmodule sch_fq_codel
|
|
||||||
loadmodule cls_u32
|
|
||||||
loadmodule cls_fw
|
|
||||||
loadmodule cls_flow
|
|
||||||
loadmodule cls_basic
|
|
||||||
loadmodule act_police
|
|
@ -1,53 +0,0 @@
|
|||||||
#
|
|
||||||
# Shorewall -- /usr/share/shorewall/modules.xtables
|
|
||||||
#
|
|
||||||
# Xtables Modules File
|
|
||||||
#
|
|
||||||
# This file loads the modules that may be needed by the firewall.
|
|
||||||
#
|
|
||||||
# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
|
|
||||||
# dependency order. i.e., if M2 depends on M1 then you must load M1
|
|
||||||
# before you load M2.
|
|
||||||
#
|
|
||||||
# If you need to modify this file, copy it to /etc/shorewall and modify the
|
|
||||||
# copy.
|
|
||||||
#
|
|
||||||
###############################################################################
|
|
||||||
loadmodule xt_AUDIT
|
|
||||||
loadmodule xt_CLASSIFY
|
|
||||||
loadmodule xt_connmark
|
|
||||||
loadmodule xt_CONNMARK
|
|
||||||
loadmodule xt_conntrack
|
|
||||||
loadmodule xt_dccp
|
|
||||||
loadmodule xt_dscp
|
|
||||||
loadmodule xt_DSCP
|
|
||||||
loadmodule xt_hashlimit
|
|
||||||
loadmodule xt_helper
|
|
||||||
loadmodule xt_ipp2p
|
|
||||||
loadmodule xt_iprange
|
|
||||||
loadmodule xt_length
|
|
||||||
loadmodule xt_limit
|
|
||||||
loadmodule xt_mac
|
|
||||||
loadmodule xt_mark
|
|
||||||
loadmodule xt_MARK
|
|
||||||
loadmodule xt_multiport
|
|
||||||
loadmodule xt_nat
|
|
||||||
loadmodule xt_NFQUEUE
|
|
||||||
loadmodule xt_owner
|
|
||||||
loadmodule xt_physdev
|
|
||||||
loadmodule xt_pkttype
|
|
||||||
loadmodule xt_policy
|
|
||||||
loadmodule xt_sctp
|
|
||||||
loadmodule xt_tcpmss
|
|
||||||
loadmodule xt_TCPMSS
|
|
||||||
loadmodule xt_time
|
|
||||||
loadmodule xt_IPMARK
|
|
||||||
loadmodule xt_TPROXY
|
|
||||||
#
|
|
||||||
# From xtables-addons
|
|
||||||
#
|
|
||||||
loadmodule xt_condition
|
|
||||||
loadmodule xt_geoip
|
|
||||||
loadmodule xt_ipp2p
|
|
||||||
loadmodule xt_LOGMARK
|
|
||||||
loadmodule xt_RAWNAT
|
|
@ -178,8 +178,6 @@ IP_FORWARDING=Keep
|
|||||||
|
|
||||||
KEEP_RT_TABLES=Yes
|
KEEP_RT_TABLES=Yes
|
||||||
|
|
||||||
LOAD_HELPERS_ONLY=Yes
|
|
||||||
|
|
||||||
MACLIST_TABLE=filter
|
MACLIST_TABLE=filter
|
||||||
|
|
||||||
MACLIST_TTL=
|
MACLIST_TTL=
|
||||||
|
@ -179,8 +179,6 @@ IP_FORWARDING=Keep
|
|||||||
|
|
||||||
KEEP_RT_TABLES=Yes
|
KEEP_RT_TABLES=Yes
|
||||||
|
|
||||||
LOAD_HELPERS_ONLY=Yes
|
|
||||||
|
|
||||||
MACLIST_TABLE=filter
|
MACLIST_TABLE=filter
|
||||||
|
|
||||||
MACLIST_TTL=
|
MACLIST_TTL=
|
||||||
|
@ -178,8 +178,6 @@ IP_FORWARDING=Keep
|
|||||||
|
|
||||||
KEEP_RT_TABLES=Yes
|
KEEP_RT_TABLES=Yes
|
||||||
|
|
||||||
LOAD_HELPERS_ONLY=Yes
|
|
||||||
|
|
||||||
MACLIST_TABLE=filter
|
MACLIST_TABLE=filter
|
||||||
|
|
||||||
MACLIST_TTL=
|
MACLIST_TTL=
|
||||||
|
@ -178,8 +178,6 @@ IP_FORWARDING=Keep
|
|||||||
|
|
||||||
KEEP_RT_TABLES=Yes
|
KEEP_RT_TABLES=Yes
|
||||||
|
|
||||||
LOAD_HELPERS_ONLY=Yes
|
|
||||||
|
|
||||||
MACLIST_TABLE=filter
|
MACLIST_TABLE=filter
|
||||||
|
|
||||||
MACLIST_TTL=
|
MACLIST_TTL=
|
||||||
|
@ -178,8 +178,6 @@ IP_FORWARDING=Keep
|
|||||||
|
|
||||||
KEEP_RT_TABLES=Yes
|
KEEP_RT_TABLES=Yes
|
||||||
|
|
||||||
LOAD_HELPERS_ONLY=Yes
|
|
||||||
|
|
||||||
MACLIST_TABLE=filter
|
MACLIST_TABLE=filter
|
||||||
|
|
||||||
MACLIST_TTL=
|
MACLIST_TTL=
|
||||||
|
@ -1,39 +0,0 @@
|
|||||||
#
|
|
||||||
# Shorewall6 version 5 - Modules File
|
|
||||||
#
|
|
||||||
# /usr/share/shorewall6/modules
|
|
||||||
#
|
|
||||||
# This file loads the modules that may be needed by the firewall.
|
|
||||||
#
|
|
||||||
# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
|
|
||||||
# dependency order. i.e., if M2 depends on M1 then you must load M1
|
|
||||||
# before you load M2.
|
|
||||||
#
|
|
||||||
# If you need to modify this file, copy it to /etc/shorewall and modify the
|
|
||||||
# copy.
|
|
||||||
#
|
|
||||||
###############################################################################
|
|
||||||
#
|
|
||||||
# Essential Modules
|
|
||||||
#
|
|
||||||
INCLUDE modules.essential
|
|
||||||
#
|
|
||||||
# Other xtables modules
|
|
||||||
#
|
|
||||||
INCLUDE modules.xtables
|
|
||||||
#
|
|
||||||
# Helpers
|
|
||||||
#
|
|
||||||
INCLUDE helpers
|
|
||||||
#
|
|
||||||
# Ipset
|
|
||||||
#
|
|
||||||
INCLUDE modules.ipset
|
|
||||||
#
|
|
||||||
# Traffic Shaping
|
|
||||||
#
|
|
||||||
INCLUDE modules.tc
|
|
||||||
#
|
|
||||||
# Extensions
|
|
||||||
#
|
|
||||||
INCLUDE modules.extensions
|
|
@ -1,28 +0,0 @@
|
|||||||
#
|
|
||||||
# Shorewall6 -- /usr/share/shorewall6/modules.essential
|
|
||||||
#
|
|
||||||
# Essential Modules File
|
|
||||||
#
|
|
||||||
# This file loads the modules that may be needed by the firewall.
|
|
||||||
#
|
|
||||||
# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
|
|
||||||
# dependency order. i.e., if M2 depends on M1 then you must load M1
|
|
||||||
# before you load M2.
|
|
||||||
#
|
|
||||||
# If you need to modify this file, copy it to /etc/shorewall and modify the
|
|
||||||
# copy.
|
|
||||||
#
|
|
||||||
###############################################################################
|
|
||||||
loadmodule nfnetlink
|
|
||||||
loadmodule x_tables
|
|
||||||
loadmodule ip6_tables
|
|
||||||
loadmodule ip6table_filter
|
|
||||||
loadmodule ip6table_mangle
|
|
||||||
loadmodule ip6table_raw
|
|
||||||
loadmodule xt_conntrack
|
|
||||||
loadmodule nf_conntrack_ipv6
|
|
||||||
loadmodule nf_nat
|
|
||||||
loadmodule nf_nat_ipv6
|
|
||||||
loadmodule xt_state
|
|
||||||
loadmodule xt_tcpudp
|
|
||||||
loadmodule ip6t_REJECT
|
|
@ -1,16 +0,0 @@
|
|||||||
#
|
|
||||||
# Shorewall6 -- /usr/share/shorewall6/modules.extension
|
|
||||||
#
|
|
||||||
# Extensions Modules File
|
|
||||||
#
|
|
||||||
# This file loads the modules that may be needed by the firewall.
|
|
||||||
#
|
|
||||||
# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
|
|
||||||
# dependency order. i.e., if M2 depends on M1 then you must load M1
|
|
||||||
# before you load M2.
|
|
||||||
#
|
|
||||||
# If you need to modify this file, copy it to /etc/shorewall and modify the
|
|
||||||
# copy.
|
|
||||||
#
|
|
||||||
###############################################################################
|
|
||||||
loadmodule ip6_queue
|
|
@ -1,27 +0,0 @@
|
|||||||
#
|
|
||||||
# Shorewall6 -- /usr/share/shorewall6/modules.ipset
|
|
||||||
#
|
|
||||||
# IP Set Modules File
|
|
||||||
#
|
|
||||||
# This file loads the modules that may be needed by the firewall.
|
|
||||||
#
|
|
||||||
# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
|
|
||||||
# dependency order. i.e., if M2 depends on M1 then you must load M1
|
|
||||||
# before you load M2.
|
|
||||||
#
|
|
||||||
# If you need to modify this file, copy it to /etc/shorewall6 and modify the
|
|
||||||
# copy.
|
|
||||||
#
|
|
||||||
###############################################################################
|
|
||||||
loadmodule xt_set
|
|
||||||
loadmodule ip_set
|
|
||||||
loadmodule ip_set_iphash
|
|
||||||
loadmodule ip_set_ipmap
|
|
||||||
loadmodule ip_set_ipporthash
|
|
||||||
loadmodule ip_set_iptree
|
|
||||||
loadmodule ip_set_iptreemap
|
|
||||||
loadmodule ip_set_macipmap
|
|
||||||
loadmodule ip_set_nethash
|
|
||||||
loadmodule ip_set_portmap
|
|
||||||
loadmodule ipt_SET
|
|
||||||
loadmodule ipt_set
|
|
@ -1,27 +0,0 @@
|
|||||||
#
|
|
||||||
# Shorewall6 -- /usr/share/shorewall6/modules.tc
|
|
||||||
#
|
|
||||||
# Traffic Shaping Modules File
|
|
||||||
#
|
|
||||||
# This file loads the modules that may be needed by the firewall.
|
|
||||||
#
|
|
||||||
# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
|
|
||||||
# dependency order. i.e., if M2 depends on M1 then you must load M1
|
|
||||||
# before you load M2.
|
|
||||||
#
|
|
||||||
# If you need to modify this file, copy it to /etc/shorewall and modify the
|
|
||||||
# copy.
|
|
||||||
#
|
|
||||||
###############################################################################
|
|
||||||
loadmodule sch_sfq
|
|
||||||
loadmodule sch_ingress
|
|
||||||
loadmodule sch_htb
|
|
||||||
loadmodule sch_hfsc
|
|
||||||
loadmodule sch_prio
|
|
||||||
loadmodule sch_tbf
|
|
||||||
loadmodule sch_fq_codel
|
|
||||||
loadmodule cls_u32
|
|
||||||
loadmodule cls_fw
|
|
||||||
loadmodule cls_flow
|
|
||||||
loadmodule cls_basic
|
|
||||||
loadmodule act_police
|
|
@ -1,51 +0,0 @@
|
|||||||
#
|
|
||||||
# Shorewall6 -- /usr/share/shorewall6/modules.xtables
|
|
||||||
#
|
|
||||||
# Xtables Modules File
|
|
||||||
#
|
|
||||||
# This file loads the modules that may be needed by the firewall.
|
|
||||||
#
|
|
||||||
# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
|
|
||||||
# dependency order. i.e., if M2 depends on M1 then you must load M1
|
|
||||||
# before you load M2.
|
|
||||||
#
|
|
||||||
# If you need to modify this file, copy it to /etc/shorewall and modify the
|
|
||||||
# copy.
|
|
||||||
#
|
|
||||||
###############################################################################
|
|
||||||
loadmodule xt_AUDIT
|
|
||||||
loadmodule xt_CLASSIFY
|
|
||||||
loadmodule xt_connmark
|
|
||||||
loadmodule xt_CONNMARK
|
|
||||||
loadmodule xt_conntrack
|
|
||||||
loadmodule xt_dccp
|
|
||||||
loadmodule xt_dscp
|
|
||||||
loadmodule xt_DSCP
|
|
||||||
loadmodule xt_hashlimit
|
|
||||||
loadmodule xt_helper
|
|
||||||
loadmodule xt_iprange
|
|
||||||
loadmodule xt_length
|
|
||||||
loadmodule xt_limit
|
|
||||||
loadmodule xt_mac
|
|
||||||
loadmodule xt_mark
|
|
||||||
loadmodule xt_MARK
|
|
||||||
loadmodule xt_multiport
|
|
||||||
loadmodule xt_NFQUEUE
|
|
||||||
loadmodule xt_owner
|
|
||||||
loadmodule xt_physdev
|
|
||||||
loadmodule xt_pkttype
|
|
||||||
loadmodule xt_policy
|
|
||||||
loadmodule xt_sctp
|
|
||||||
loadmodule xt_tcpmss
|
|
||||||
loadmodule xt_TCPMSS
|
|
||||||
loadmodule xt_time
|
|
||||||
loadmodule xt_IPMARK
|
|
||||||
loadmodule xt_TPROXY
|
|
||||||
#
|
|
||||||
# From xtables-addons
|
|
||||||
#
|
|
||||||
loadmodule xt_condition
|
|
||||||
loadmodule xt_geoip
|
|
||||||
loadmodule xt_ipp2p
|
|
||||||
loadmodule xt_LOGMARK
|
|
||||||
loadmodule xt_RAWNAT
|
|
@ -386,6 +386,10 @@
|
|||||||
<filename>modules</filename> or <filename>helpers</filename> file
|
<filename>modules</filename> or <filename>helpers</filename> file
|
||||||
found on the CONFIG_PATH on the Administrative System during
|
found on the CONFIG_PATH on the Administrative System during
|
||||||
compilation will be used.</para>
|
compilation will be used.</para>
|
||||||
|
|
||||||
|
<para>In Shorewall 5.2.3, the LOAD_HELPERS_ONLY option was removed and
|
||||||
|
the behavior is that which was formerly obtained by setting
|
||||||
|
LOAD_HELPERS_ONLY=Yes.</para>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section id="Converting">
|
<section id="Converting">
|
||||||
|
@ -486,6 +486,11 @@ root@lists:~# </programlisting>
|
|||||||
<filename>/usr/share/shorewall/modules</filename>. That file does not set
|
<filename>/usr/share/shorewall/modules</filename>. That file does not set
|
||||||
<emphasis role="bold">sip_direct_media=0</emphasis>.</para>
|
<emphasis role="bold">sip_direct_media=0</emphasis>.</para>
|
||||||
|
|
||||||
|
<important>
|
||||||
|
<para>In Shorewall 5.2.3, the LOAD_HELPERS_ONLY option was removed and
|
||||||
|
the behavior is the same as if LOAD_HELPERS_ONLY=Yes.</para>
|
||||||
|
</important>
|
||||||
|
|
||||||
<para>If you need to modify either
|
<para>If you need to modify either
|
||||||
<filename>/usr/share/shorewall/helpers</filename> or
|
<filename>/usr/share/shorewall/helpers</filename> or
|
||||||
<filename>/usr/share/shorewall/modules</filename> then copy the file to
|
<filename>/usr/share/shorewall/modules</filename> then copy the file to
|
||||||
|
@ -799,6 +799,12 @@ root@lists:~# </programlisting>
|
|||||||
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF"/></para>
|
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF"/></para>
|
||||||
|
|
||||||
<para>Modify the setting of LOAD_HELPER_ONLY as necessary.</para>
|
<para>Modify the setting of LOAD_HELPER_ONLY as necessary.</para>
|
||||||
|
|
||||||
|
<important>
|
||||||
|
<para>In Shorewall 5.2.3, the LOAD_HELPERS_ONLY option was removed, and
|
||||||
|
the behavior is the same as if LOAD_HELPERS_ONLY=Yes was
|
||||||
|
specified.</para>
|
||||||
|
</important>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section id="DNAT">
|
<section id="DNAT">
|
||||||
|
@ -751,6 +751,12 @@ root@lists:~# </programlisting>
|
|||||||
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF"/></para>
|
<para><inlinegraphic fileref="images/BD21298_.gif" format="GIF"/></para>
|
||||||
|
|
||||||
<para>Modify the setting of LOAD_HELPER_ONLY as necessary.</para>
|
<para>Modify the setting of LOAD_HELPER_ONLY as necessary.</para>
|
||||||
|
|
||||||
|
<important>
|
||||||
|
<para>In Shorewall 5.2.3, the LOAD_HELPERS_ONLY option was removed, and
|
||||||
|
the behavior is the same as if LOAD_HELPERS_ONLY=Yes was
|
||||||
|
specified.</para>
|
||||||
|
</important>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section id="DNAT">
|
<section id="DNAT">
|
||||||
|
Loading…
Reference in New Issue
Block a user