Modules file breakup for IPv6

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-11-22 07:33:43 +01:00 · 2011-02-06 08:15:50 -08:00 · 2011-02-06 08:15:50 -08:00 · 946602bc1c
commit 946602bc1c
parent 106f23634c
10 changed files with 136 additions and 79 deletions
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -26,19 +26,19 @@ None.
      I I I.  N E W   F E A T U R E S   I N   T H I S  R E L E A S E
 ----------------------------------------------------------------------------

-1)  The modules file is now just a driver that INCLUDEs several new
+1)  The modules files are now just a driver that INCLUDE several new
    files and one old file:

-    - /usr/share/shorewall/modules.essential  # Essential modules
-    - /usr/share/shorewall/modules.xtables    # xt_ modules
-    - /usr/share/shorewall/helpers            # Existing file
-    - /usr/share/shorewall/ipset              # ipset modules
-    - /usr/share/shorewall/modules.tc         # Traffic Shaping
-    - /usr/share/shorewall/modules.extensions # Other extensions
+    - /usr/share/shorewall[6]/modules.essential  # Essential modules
+    - /usr/share/shorewall[6]/modules.xtables    # xt_ modules
+    - /usr/share/shorewall[6]/helpers            # Existing file
+    - /usr/share/shorewall/ipset                 # ipset modules
+    - /usr/share/shorewall[6]/modules.tc         # Traffic Shaping
+    - /usr/share/shorewall[6]/modules.extensions # Other extensions

    This should make it easier to configure your own
-    /etc/shorewall/modules file that won't be obsolete when you upgrade
-    your Shorewall installation.
+    /etc/shorewall[6]/modules file that won't be obsolete when you
+    upgrade your Shorewall/Shorewall6 installation.

    For example, if you don't use traffic shaping or ipsets, you can
    remove those from your modules file.
--- a/Shorewall6-lite/install.sh
+++ b/Shorewall6-lite/install.sh
@ -299,6 +299,11 @@ if [ -f modules ]; then
    echo "Modules file installed as ${DESTDIR}/usr/share/shorewall6-lite/modules"
 fi

+for f in modules.*; do
+    run_install $OWNERSHIP -m 0644 $f ${DESTDIR}/usr/share/shorewall6-lite/$f
+    echo "Modules file $f installed as ${DESTDIR}/usr/share/shorewall6-lite/$f"
+fi
+
 if [ -d manpages ]; then
    #
    # Install the Man Pages
--- a/Shorewall6-lite/shorewall6-lite.spec
+++ b/Shorewall6-lite/shorewall6-lite.spec
@ -81,7 +81,7 @@ fi
 %attr(0644,root,root) /usr/share/shorewall6-lite/lib.base
 %attr(0644,root,root) /usr/share/shorewall6-lite/lib.cli
 %attr(0644,root,root) /usr/share/shorewall6-lite/lib.common
-%attr(0644,root,root) /usr/share/shorewall6-lite/modules
+%attr(0644,root,root) /usr/share/shorewall6-lite/modules*
 %attr(0544,root,root) /usr/share/shorewall6-lite/shorecap
 %attr(0755,root,root) /usr/share/shorewall6-lite/wait4ifup

--- a/Shorewall6/install.sh
+++ b/Shorewall6/install.sh
@ -395,6 +395,11 @@ fi
 run_install $OWNERSHIP -m 0644 modules ${DESTDIR}/usr/share/shorewall6/modules
 echo "Modules file installed as ${DESTDIR}/usr/share/shorewall6/modules"

+for f in modules.*; do
+    run_install $OWNERSHIP -m 0644 $f ${DESTDIR}/usr/share/shorewall6/$f
+    echo "Modules file $f installed as ${DESTDIR}/usr/share/shorewall6/$f"
+fi
+
 #
 # Install the Module Helpers file
 #
--- a/Shorewall6/modules
+++ b/Shorewall6/modules
@ -16,83 +16,20 @@
 #
 # Essential Modules
 #
-loadmodule nfnetlink
-loadmodule x_tables
-loadmodule ip6_tables 
-loadmodule ip6table_filter 
-loadmodule ip6table_mangle 
-loadmodule ip6table_raw
-loadmodule xt_conntrack
-loadmodule nf_conntrack_ipv6
-loadmodule xt_state
-loadmodule xt_tcpudp
-loadmodule ip6t_REJECT
-loadmodule ip6t_LOG
+INCLUDE modules.essential
 #
 # Other xtables modules
 #
-loadmodule xt_CLASSIFY
-loadmodule xt_connmark
-loadmodule xt_CONNMARK
-loadmodule xt_conntrack
-loadmodule xt_dccp
-loadmodule xt_dscp
-loadmodule xt_DSCP
-loadmodule xt_hashlimit
-loadmodule xt_helper
-loadmodule xt_iprange
-loadmodule xt_length
-loadmodule xt_limit
-loadmodule xt_mac
-loadmodule xt_mark
-loadmodule xt_MARK
-loadmodule xt_multiport
-loadmodule xt_NFQUEUE
-loadmodule xt_owner
-loadmodule xt_physdev
-loadmodule xt_pkttype
-loadmodule xt_policy
-loadmodule xt_sctp
-loadmodule xt_tcpmss
-loadmodule xt_TCPMSS
-loadmodule xt_time
-loadmodule xt_IPMARK
-loadmodule xt_TPROXY
+INCLUDE modules.xtables
 #
 # Helpers
 #
-loadmodule nf_conntrack_amanda
-loadmodule nf_conntrack_ftp
-loadmodule nf_conntrack_h323
-loadmodule nf_conntrack_irc
-loadmodule nf_conntrack_netbios_ns
-loadmodule nf_conntrack_netbios_ns
-loadmodule nf_conntrack_netlink
-loadmodule nf_conntrack_pptp
-loadmodule nf_conntrack_proto_sctp
-loadmodule nf_conntrack_proto_udplite
-loadmodule nf_conntrack_sane
-loadmodule nf_conntrack_sip
-loadmodule nf_conntrack_pptp
-loadmodule nf_conntrack_proto_gre
-loadmodule nf_conntrack_proto_sctp
-loadmodule nf_conntrack_sip
-loadmodule nf_conntrack_tftp
-loadmodule nf_conntrack_sane
+INCLUDE helpers
 #
 # Traffic Shaping
 #
-loadmodule sch_sfq
-loadmodule sch_ingress
-loadmodule sch_htb
-loadmodule sch_hfsc
-loadmodule sch_prio
-loadmodule sch_tbf
-loadmodule cls_u32
-loadmodule cls_fw
-loadmodule cls_flow
-loadmodule act_police
+INCLUDE modules.tc
 #
 # Extensions
 #
-loadmodule ip6_queue
+INCLUDE modules.extensions
--- a/Shorewall6/modules.essential
+++ b/Shorewall6/modules.essential
@ -0,0 +1,27 @@
+#
+# Shorewall6 version 4 - Essential Modules File
+#
+# /usr/share/shorewall6/modules.essential
+#
+#	This file loads the modules that may be needed by the firewall.
+#
+#	THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
+#	dependency order. i.e., if M2 depends on M1 then you must load M1
+#	before you load M2.
+#
+#  If you need to modify this file, copy it to /etc/shorewall and modify the
+#  copy.
+#
+###############################################################################
+loadmodule nfnetlink
+loadmodule x_tables
+loadmodule ip6_tables 
+loadmodule ip6table_filter 
+loadmodule ip6table_mangle 
+loadmodule ip6table_raw
+loadmodule xt_conntrack
+loadmodule nf_conntrack_ipv6
+loadmodule xt_state
+loadmodule xt_tcpudp
+loadmodule ip6t_REJECT
+loadmodule ip6t_LOG
--- a/Shorewall6/modules.extensions
+++ b/Shorewall6/modules.extensions
@ -0,0 +1,16 @@
+#
+# Shorewall6 version 4 - Extensions Modules File
+#
+# /usr/share/shorewall6/modules.extension
+#
+#	This file loads the modules that may be needed by the firewall.
+#
+#	THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
+#	dependency order. i.e., if M2 depends on M1 then you must load M1
+#	before you load M2.
+#
+#  If you need to modify this file, copy it to /etc/shorewall and modify the
+#  copy.
+#
+###############################################################################
+loadmodule ip6_queue
--- a/Shorewall6/modules.tc
+++ b/Shorewall6/modules.tc
@ -0,0 +1,25 @@
+#
+# Shorewall6 version 4 - Traffic Shaping Modules File
+#
+# /usr/share/shorewall6/modules.tc
+#
+#	This file loads the modules that may be needed by the firewall.
+#
+#	THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
+#	dependency order. i.e., if M2 depends on M1 then you must load M1
+#	before you load M2.
+#
+#  If you need to modify this file, copy it to /etc/shorewall and modify the
+#  copy.
+#
+###############################################################################
+loadmodule sch_sfq
+loadmodule sch_ingress
+loadmodule sch_htb
+loadmodule sch_hfsc
+loadmodule sch_prio
+loadmodule sch_tbf
+loadmodule cls_u32
+loadmodule cls_fw
+loadmodule cls_flow
+loadmodule act_police
--- a/Shorewall6/modules.xtables
+++ b/Shorewall6/modules.xtables
@ -0,0 +1,42 @@
+#
+# Shorewall6 version 4 - Xtables Modules File
+#
+# /usr/share/shorewall6/modules.xtables
+#
+#	This file loads the modules that may be needed by the firewall.
+#
+#	THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
+#	dependency order. i.e., if M2 depends on M1 then you must load M1
+#	before you load M2.
+#
+#  If you need to modify this file, copy it to /etc/shorewall and modify the
+#  copy.
+#
+###############################################################################
+loadmodule xt_CLASSIFY
+loadmodule xt_connmark
+loadmodule xt_CONNMARK
+loadmodule xt_conntrack
+loadmodule xt_dccp
+loadmodule xt_dscp
+loadmodule xt_DSCP
+loadmodule xt_hashlimit
+loadmodule xt_helper
+loadmodule xt_iprange
+loadmodule xt_length
+loadmodule xt_limit
+loadmodule xt_mac
+loadmodule xt_mark
+loadmodule xt_MARK
+loadmodule xt_multiport
+loadmodule xt_NFQUEUE
+loadmodule xt_owner
+loadmodule xt_physdev
+loadmodule xt_pkttype
+loadmodule xt_policy
+loadmodule xt_sctp
+loadmodule xt_tcpmss
+loadmodule xt_TCPMSS
+loadmodule xt_time
+loadmodule xt_IPMARK
+loadmodule xt_TPROXY
--- a/Shorewall6/shorewall6.spec
+++ b/Shorewall6/shorewall6.spec
@ -85,7 +85,7 @@ fi
 %attr(0644,root,root) /usr/share/shorewall6/lib.cli
 %attr(0644,root,root) /usr/share/shorewall6/lib.common
 %attr(0644,root,root) /usr/share/shorewall6/macro.*
-%attr(0644,root,root) /usr/share/shorewall6/modules
+%attr(0644,root,root) /usr/share/shorewall6/modules*
 %attr(0644,root,root) /usr/share/shorewall6/helpers
 %attr(0644,root,root) /usr/share/shorewall6/configpath
 %attr(0755,root,root) /usr/share/shorewall6/wait4ifup