Implement LOAD_HELPERS_ONLY for IPv6

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-11-08 08:44:05 +01:00 · 2010-01-21 15:33:26 -08:00 · 2010-01-21 15:33:26 -08:00 · 8f85c75264
commit 8f85c75264
parent efc43b1b24
9 changed files with 78 additions and 3 deletions
--- a/Samples6/one-interface/shorewall6.conf
+++ b/Samples6/one-interface/shorewall6.conf
@ -151,7 +151,9 @@ DYNAMIC_BLACKLIST=Yes

 OPTIMIZE_ACCOUNTING=No

-###############################################################################
+LOAD_HELPERS_ONLY=Yes
+
+##############################################################################
 #			P A C K E T   D I S P O S I T I O N
 ###############################################################################

--- a/Samples6/three-interfaces/shorewall6.conf
+++ b/Samples6/three-interfaces/shorewall6.conf
@ -151,6 +151,8 @@ DYNAMIC_BLACKLIST=Yes

 OPTIMIZE_ACCOUNTING=No

+LOAD_HELPERS_ONLY=Yes
+
 ###############################################################################
 #			P A C K E T   D I S P O S I T I O N
 ###############################################################################
--- a/Samples6/two-interfaces/shorewall6.conf
+++ b/Samples6/two-interfaces/shorewall6.conf
@ -151,6 +151,8 @@ DYNAMIC_BLACKLIST=Yes

 OPTIMIZE_ACCOUNTING=No

+LOAD_HELPERS_ONLY=Yes
+
 ###############################################################################
 #			P A C K E T   D I S P O S I T I O N
 ###############################################################################
--- a/Shorewall/Perl/prog.header6
+++ b/Shorewall/Perl/prog.header6
@ -310,7 +310,7 @@ load_kernel_modules() # $1 = Yes, if we are to save moduleinfo in $VARDIR
 	[ -d $directory ] && moduledirectories="$moduledirectories $directory"
    done

-    modules=$(find_file modules)
+    [ -n "$LOAD_HELPERS_ONLY" ] && modules=$(find_file helpers) || modules=$(find_file modules)

    if [ -f $modules -a -n "$moduledirectories" ]; then
 	MODULES=$(lsmod | cut -d ' ' -f1)
--- a/Shorewall6/helpers
+++ b/Shorewall6/helpers
@ -0,0 +1,47 @@
+#
+# Shorewall6 version 4 - Helpers File
+#
+# /usr/share/shorewall6/helpers
+#
+#	This file loads the modules that may be needed by the firewall.
+#
+#	THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
+#	dependency order. i.e., if M2 depends on M1 then you must load M1
+#	before you load M2.
+#
+#  If you need to modify this file, copy it to /etc/shorewall and modify the
+#  copy.
+#
+###############################################################################
+#
+# Helpers
+#
+loadmodule nf_conntrack_amanda
+loadmodule nf_conntrack_ftp
+loadmodule nf_conntrack_h323
+loadmodule nf_conntrack_irc
+loadmodule nf_conntrack_netbios_ns
+loadmodule nf_conntrack_netbios_ns
+loadmodule nf_conntrack_netlink
+loadmodule nf_conntrack_pptp
+loadmodule nf_conntrack_proto_sctp
+loadmodule nf_conntrack_proto_udplite
+loadmodule nf_conntrack_sane
+loadmodule nf_conntrack_sip         sip_direct_media=0
+loadmodule nf_conntrack_pptp
+loadmodule nf_conntrack_proto_gre
+loadmodule nf_conntrack_proto_sctp
+loadmodule nf_conntrack_sip
+loadmodule nf_conntrack_tftp
+loadmodule nf_conntrack_sane
+#
+# Traffic Shaping
+#
+loadmodule sch_sfq
+loadmodule sch_ingress
+loadmodule sch_htb
+loadmodule sch_hfsc
+loadmodule cls_u32
+loadmodule cls_fw
+loadmodule cls_flow
+loadmodule act_police
--- a/Shorewall6/install.sh
+++ b/Shorewall6/install.sh
@ -361,6 +361,12 @@ fi
 run_install $OWNERSHIP -m 0600 modules ${PREFIX}/usr/share/shorewall6/modules
 echo "Modules file installed as ${PREFIX}/usr/share/shorewall6/modules"

+#
+# Install the Module Helpers file
+#
+run_install $OWNERSHIP -m 0600 helpers ${PREFIX}/usr/share/shorewall6/helpers
+echo "Helper modules file installed as ${PREFIX}/usr/share/shorewall6/helpers"
+
 #
 # Install the TC Rules file
 #
--- a/Shorewall6/lib.base
+++ b/Shorewall6/lib.base
@ -302,7 +302,7 @@ load_kernel_modules() # $1 = Yes, if we are to save moduleinfo in $VARDIR
 	[ -d $directory ] && moduledirectories="$moduledirectories $directory"
    done

-    modules=$(find_file modules)
+    [ -n "$LOAD_HELPERS_ONLY" ] && modules=$(find_file helpers) || modules=$(find_file modules)

    if [ -f $modules -a -n "$moduledirectories" ]; then
 	MODULES=$(lsmod | cut -d ' ' -f1)
--- a/Shorewall6/shorewall6
+++ b/Shorewall6/shorewall6
@ -220,6 +220,20 @@ get_config() {
 	    fi
 	    ;;
    esac
+
+    case $LOAD_HELPERS_ONLY in
+	Yes|yes)
+	    ;;
+	No|no)
+	    LOAD_HELPERS_ONLY=
+	    ;;
+	*)
+	    if [ -n "$LOAD_HELPERS_ONLY" ]; then
+		echo "   ERROR: Invalid LOAD_HELPERS_ONLY setting ($LOAD_HELPERS_ONLY)" >&2
+		exit 1
+	    fi
+	    ;;
+    esac
 }

 #
--- a/Shorewall6/shorewall6.conf
+++ b/Shorewall6/shorewall6.conf
@ -157,6 +157,8 @@ OPTIMIZE_ACCOUNTING=No

 DYNAMIC_BLACKLIST=Yes

+LOAD_HELPERS_ONLY=No
+
 ###############################################################################
 #			P A C K E T   D I S P O S I T I O N
 ###############################################################################