From 8f85c7526482484beb5f4d8bd583ee58710f930b Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Thu, 21 Jan 2010 15:33:26 -0800 Subject: [PATCH] Implement LOAD_HELPERS_ONLY for IPv6 Signed-off-by: Tom Eastep --- Samples6/one-interface/shorewall6.conf | 4 +- Samples6/three-interfaces/shorewall6.conf | 2 + Samples6/two-interfaces/shorewall6.conf | 2 + Shorewall/Perl/prog.header6 | 2 +- Shorewall6/helpers | 47 +++++++++++++++++++++++ Shorewall6/install.sh | 6 +++ Shorewall6/lib.base | 2 +- Shorewall6/shorewall6 | 14 +++++++ Shorewall6/shorewall6.conf | 2 + 9 files changed, 78 insertions(+), 3 deletions(-) create mode 100644 Shorewall6/helpers diff --git a/Samples6/one-interface/shorewall6.conf b/Samples6/one-interface/shorewall6.conf index d66fe7634..693074598 100644 --- a/Samples6/one-interface/shorewall6.conf +++ b/Samples6/one-interface/shorewall6.conf @@ -151,7 +151,9 @@ DYNAMIC_BLACKLIST=Yes OPTIMIZE_ACCOUNTING=No -############################################################################### +LOAD_HELPERS_ONLY=Yes + +############################################################################## # P A C K E T D I S P O S I T I O N ############################################################################### diff --git a/Samples6/three-interfaces/shorewall6.conf b/Samples6/three-interfaces/shorewall6.conf index 8e1c2e6d8..21ab4a6d1 100644 --- a/Samples6/three-interfaces/shorewall6.conf +++ b/Samples6/three-interfaces/shorewall6.conf @@ -151,6 +151,8 @@ DYNAMIC_BLACKLIST=Yes OPTIMIZE_ACCOUNTING=No +LOAD_HELPERS_ONLY=Yes + ############################################################################### # P A C K E T D I S P O S I T I O N ############################################################################### diff --git a/Samples6/two-interfaces/shorewall6.conf b/Samples6/two-interfaces/shorewall6.conf index b67d005de..c29e755c6 100644 --- a/Samples6/two-interfaces/shorewall6.conf +++ b/Samples6/two-interfaces/shorewall6.conf 
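Review bot: The separator line above `# P A C K E T D I S P O S I T I O N` in `Samples6/one-interface/shorewall6.conf` is removed and re-added, and the replacement looks one `#` shorter than the line it replaces. The three-interfaces and two-interfaces samples leave that line untouched, so this appears to be an accidental edit rather than part of the feature. Restoring the original rule line would reduce the hunk to the two added lines, as in the other samples. Separately, the samples set `LOAD_HELPERS_ONLY=Yes` while `Shorewall6/shorewall6.conf` in this commit ships `No`; if that difference is deliberate, a one-line comment above the setting would make it clear.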
@@ -151,6 +151,8 @@ DYNAMIC_BLACKLIST=Yes OPTIMIZE_ACCOUNTING=No +LOAD_HELPERS_ONLY=Yes + ############################################################################### # P A C K E T D I S P O S I T I O N ############################################################################### diff --git a/Shorewall/Perl/prog.header6 b/Shorewall/Perl/prog.header6 index a5586466e..bb7f94132 100644 --- a/Shorewall/Perl/prog.header6 +++ b/Shorewall/Perl/prog.header6 @@ -310,7 +310,7 @@ load_kernel_modules() # $1 = Yes, if we are to save moduleinfo in $VARDIR [ -d $directory ] && moduledirectories="$moduledirectories $directory" done - modules=$(find_file modules) + [ -n "$LOAD_HELPERS_ONLY" ] && modules=$(find_file helpers) || modules=$(find_file modules) if [ -f $modules -a -n "$moduledirectories" ]; then MODULES=$(lsmod | cut -d ' ' -f1) diff --git a/Shorewall6/helpers b/Shorewall6/helpers new file mode 100644 index 000000000..7157c4746 --- /dev/null +++ b/Shorewall6/helpers 
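Review bot: The added line `[ -n "$LOAD_HELPERS_ONLY" ] && modules=$(find_file helpers) || modules=$(find_file modules)` in `Shorewall/Perl/prog.header6` uses `A && B || C` as an if/else, so if `find_file helpers` ever returns non-zero the full `modules` file is silently selected instead. Writing it as `if [ -n "$LOAD_HELPERS_ONLY" ]; then modules=$(find_file helpers); else modules=$(find_file modules); fi` says what is meant; the same line is added to `load_kernel_modules` in `Shorewall6/lib.base`. The `-n` test also relies on `No` having been normalised to the empty string, which this commit does only in `get_config` in `Shorewall6/shorewall6`. Whether the generated script that includes `prog.header6` sees a normalised value is not visible here, and a literal `No` would select the helpers file. `load_kernel_modules` starts and ends outside the hunk.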
@@ -0,0 +1,47 @@ +# +# Shorewall6 version 4 - Helpers File +# +# /usr/share/shorewall6/helpers +# +# This file loads the modules that may be needed by the firewall. +# +# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in +# dependency order. i.e., if M2 depends on M1 then you must load M1 +# before you load M2. +# +# If you need to modify this file, copy it to /etc/shorewall and modify the +# copy. +# +############################################################################### +# +# Helpers +# +loadmodule nf_conntrack_amanda +loadmodule nf_conntrack_ftp +loadmodule nf_conntrack_h323 +loadmodule nf_conntrack_irc +loadmodule nf_conntrack_netbios_ns +loadmodule nf_conntrack_netbios_ns +loadmodule nf_conntrack_netlink +loadmodule nf_conntrack_pptp +loadmodule nf_conntrack_proto_sctp +loadmodule nf_conntrack_proto_udplite +loadmodule nf_conntrack_sane +loadmodule nf_conntrack_sip sip_direct_media=0 +loadmodule nf_conntrack_pptp +loadmodule nf_conntrack_proto_gre +loadmodule nf_conntrack_proto_sctp +loadmodule nf_conntrack_sip +loadmodule nf_conntrack_tftp +loadmodule nf_conntrack_sane +# +# Traffic Shaping +# +loadmodule sch_sfq +loadmodule sch_ingress +loadmodule sch_htb +loadmodule sch_hfsc +loadmodule cls_u32 +loadmodule cls_fw +loadmodule cls_flow +loadmodule act_police diff --git a/Shorewall6/install.sh b/Shorewall6/install.sh index cbf1c2f1a..4120ed368 100755 --- a/Shorewall6/install.sh +++ b/Shorewall6/install.sh @@ -361,6 +361,12 @@ fi run_install $OWNERSHIP -m 0600 modules ${PREFIX}/usr/share/shorewall6/modules echo "Modules file installed as ${PREFIX}/usr/share/shorewall6/modules" +# +# Install the Module Helpers file +# +run_install $OWNERSHIP -m 0600 helpers ${PREFIX}/usr/share/shorewall6/helpers +echo "Helper modules file installed as ${PREFIX}/usr/share/shorewall6/helpers" + # # Install the TC Rules file # diff --git a/Shorewall6/lib.base b/Shorewall6/lib.base index bcf9c38aa..47287ab44 100644 --- a/Shorewall6/lib.base 
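Review bot: The Helpers list in the new `Shorewall6/helpers` file repeats several entries: `nf_conntrack_netbios_ns` appears twice in a row, and `nf_conntrack_pptp`, `nf_conntrack_proto_sctp`, `nf_conntrack_sane` and `nf_conntrack_sip` each appear twice, the second `nf_conntrack_sip` without `sip_direct_media=0`. The header insists on dependency order, yet the first `loadmodule nf_conntrack_pptp` precedes `loadmodule nf_conntrack_proto_gre`, which the PPTP helper normally depends on; one de-duplicated list with `nf_conntrack_proto_gre` ahead of `nf_conntrack_pptp` would match the comment. The header also tells the reader to copy the file to `/etc/shorewall`, which for this IPv6 package presumably should read `/etc/shorewall6`. Since every conntrack helper loaded here parses application payloads and `sip_direct_media=0` relaxes the SIP helper's media-endpoint restriction, a comment stating why each non-default option is set would help an administrator trim the list to what the site needs.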
+++ b/Shorewall6/lib.base @@ -302,7 +302,7 @@ load_kernel_modules() # $1 = Yes, if we are to save moduleinfo in $VARDIR [ -d $directory ] && moduledirectories="$moduledirectories $directory" done - modules=$(find_file modules) + [ -n "$LOAD_HELPERS_ONLY" ] && modules=$(find_file helpers) || modules=$(find_file modules) if [ -f $modules -a -n "$moduledirectories" ]; then MODULES=$(lsmod | cut -d ' ' -f1) diff --git a/Shorewall6/shorewall6 b/Shorewall6/shorewall6 index 9a89e069e..14374f0a0 100755 --- a/Shorewall6/shorewall6 +++ b/Shorewall6/shorewall6 @@ -220,6 +220,20 @@ get_config() { fi ;; esac + + case $LOAD_HELPERS_ONLY in + Yes|yes) + ;; + No|no) + LOAD_HELPERS_ONLY= + ;; + *) + if [ -n "$LOAD_HELPERS_ONLY" ]; then + echo " ERROR: Invalid LOAD_HELPERS_ONLY setting ($LOAD_HELPERS_ONLY)" >&2 + exit 1 + fi + ;; + esac } # diff --git a/Shorewall6/shorewall6.conf b/Shorewall6/shorewall6.conf index 988641bf4..8b3746fa6 100644 --- a/Shorewall6/shorewall6.conf +++ b/Shorewall6/shorewall6.conf @@ -157,6 +157,8 @@ OPTIMIZE_ACCOUNTING=No DYNAMIC_BLACKLIST=Yes +LOAD_HELPERS_ONLY=No + ############################################################################### # P A C K E T D I S P O S I T I O N ###############################################################################
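Review bot: The new `case $LOAD_HELPERS_ONLY in` block in `get_config` (`Shorewall6/shorewall6`) has no comment explaining why `No` is mapped to the empty string. The reason is that `load_kernel_modules` in `Shorewall6/lib.base`, changed in this same commit, tests the variable with `[ -n "$LOAD_HELPERS_ONLY" ]`. I would add `# Empty means "load the full modules file"; load_kernel_modules tests this with -n` above the `case`. Only `Yes|yes` and `No|no` are accepted, so `YES` or `NO` ends in the `Invalid LOAD_HELPERS_ONLY setting` error; whether that matches the other options validated in `get_config` cannot be seen from this hunk, because the function begins outside it.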