mirror of
https://gitlab.com/shorewall/code.git
synced 2025-06-20 01:37:59 +02:00
Modules file breakup for IPv6
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep
parent
106f23634c
commit
946602bc1c
@ -26,19 +26,19 @@ None.
|
|||||||
I I I. N E W F E A T U R E S I N T H I S R E L E A S E
|
I I I. N E W F E A T U R E S I N T H I S R E L E A S E
|
||||||
----------------------------------------------------------------------------
|
----------------------------------------------------------------------------
|
||||||
|
|
||||||
1) The modules file is now just a driver that INCLUDEs several new
|
1) The modules files are now just a driver that INCLUDE several new
|
||||||
files and one old file:
|
files and one old file:
|
||||||
|
|
||||||
- /usr/share/shorewall/modules.essential # Essential modules
|
- /usr/share/shorewall[6]/modules.essential # Essential modules
|
||||||
- /usr/share/shorewall/modules.xtables # xt_ modules
|
- /usr/share/shorewall[6]/modules.xtables # xt_ modules
|
||||||
- /usr/share/shorewall/helpers # Existing file
|
- /usr/share/shorewall[6]/helpers # Existing file
|
||||||
- /usr/share/shorewall/ipset # ipset modules
|
- /usr/share/shorewall/ipset # ipset modules
|
||||||
- /usr/share/shorewall/modules.tc # Traffic Shaping
|
- /usr/share/shorewall[6]/modules.tc # Traffic Shaping
|
||||||
- /usr/share/shorewall/modules.extensions # Other extensions
|
- /usr/share/shorewall[6]/modules.extensions # Other extensions
|
||||||
|
|
||||||
This should make it easier to configure your own
|
This should make it easier to configure your own
|
||||||
/etc/shorewall/modules file that won't be obsolete when you upgrade
|
/etc/shorewall[6]/modules file that won't be obsolete when you
|
||||||
your Shorewall installation.
|
upgrade your Shorewall/Shorewall6 installation.
|
||||||
|
|
||||||
For example, if you don't use traffic shaping or ipsets, you can
|
For example, if you don't use traffic shaping or ipsets, you can
|
||||||
remove those from your modules file.
|
remove those from your modules file.
|
||||||
|
|||||||
@ -299,6 +299,11 @@ if [ -f modules ]; then
|
|||||||
echo "Modules file installed as ${DESTDIR}/usr/share/shorewall6-lite/modules"
|
echo "Modules file installed as ${DESTDIR}/usr/share/shorewall6-lite/modules"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
for f in modules.*; do
|
||||||
|
run_install $OWNERSHIP -m 0644 $f ${DESTDIR}/usr/share/shorewall6-lite/$f
|
||||||
|
echo "Modules file $f installed as ${DESTDIR}/usr/share/shorewall6-lite/$f"
|
||||||
|
fi
|
||||||
|
|
||||||
if [ -d manpages ]; then
|
if [ -d manpages ]; then
|
||||||
#
|
#
|
||||||
# Install the Man Pages
|
# Install the Man Pages
|
||||||
|
|||||||
@ -81,7 +81,7 @@ fi
|
|||||||
%attr(0644,root,root) /usr/share/shorewall6-lite/lib.base
|
%attr(0644,root,root) /usr/share/shorewall6-lite/lib.base
|
||||||
%attr(0644,root,root) /usr/share/shorewall6-lite/lib.cli
|
%attr(0644,root,root) /usr/share/shorewall6-lite/lib.cli
|
||||||
%attr(0644,root,root) /usr/share/shorewall6-lite/lib.common
|
%attr(0644,root,root) /usr/share/shorewall6-lite/lib.common
|
||||||
%attr(0644,root,root) /usr/share/shorewall6-lite/modules
|
%attr(0644,root,root) /usr/share/shorewall6-lite/modules*
|
||||||
%attr(0544,root,root) /usr/share/shorewall6-lite/shorecap
|
%attr(0544,root,root) /usr/share/shorewall6-lite/shorecap
|
||||||
%attr(0755,root,root) /usr/share/shorewall6-lite/wait4ifup
|
%attr(0755,root,root) /usr/share/shorewall6-lite/wait4ifup
|
||||||
|
|
||||||
|
|||||||
@ -395,6 +395,11 @@ fi
|
|||||||
run_install $OWNERSHIP -m 0644 modules ${DESTDIR}/usr/share/shorewall6/modules
|
run_install $OWNERSHIP -m 0644 modules ${DESTDIR}/usr/share/shorewall6/modules
|
||||||
echo "Modules file installed as ${DESTDIR}/usr/share/shorewall6/modules"
|
echo "Modules file installed as ${DESTDIR}/usr/share/shorewall6/modules"
|
||||||
|
|
||||||
|
for f in modules.*; do
|
||||||
|
run_install $OWNERSHIP -m 0644 $f ${DESTDIR}/usr/share/shorewall6/$f
|
||||||
|
echo "Modules file $f installed as ${DESTDIR}/usr/share/shorewall6/$f"
|
||||||
|
fi
|
||||||
|
|
||||||
#
|
#
|
||||||
# Install the Module Helpers file
|
# Install the Module Helpers file
|
||||||
#
|
#
|
||||||
|
|||||||
@ -16,83 +16,20 @@
|
|||||||
#
|
#
|
||||||
# Essential Modules
|
# Essential Modules
|
||||||
#
|
#
|
||||||
loadmodule nfnetlink
|
INCLUDE modules.essential
|
||||||
loadmodule x_tables
|
|
||||||
loadmodule ip6_tables
|
|
||||||
loadmodule ip6table_filter
|
|
||||||
loadmodule ip6table_mangle
|
|
||||||
loadmodule ip6table_raw
|
|
||||||
loadmodule xt_conntrack
|
|
||||||
loadmodule nf_conntrack_ipv6
|
|
||||||
loadmodule xt_state
|
|
||||||
loadmodule xt_tcpudp
|
|
||||||
loadmodule ip6t_REJECT
|
|
||||||
loadmodule ip6t_LOG
|
|
||||||
#
|
#
|
||||||
# Other xtables modules
|
# Other xtables modules
|
||||||
#
|
#
|
||||||
loadmodule xt_CLASSIFY
|
INCLUDE modules.xtables
|
||||||
loadmodule xt_connmark
|
|
||||||
loadmodule xt_CONNMARK
|
|
||||||
loadmodule xt_conntrack
|
|
||||||
loadmodule xt_dccp
|
|
||||||
loadmodule xt_dscp
|
|
||||||
loadmodule xt_DSCP
|
|
||||||
loadmodule xt_hashlimit
|
|
||||||
loadmodule xt_helper
|
|
||||||
loadmodule xt_iprange
|
|
||||||
loadmodule xt_length
|
|
||||||
loadmodule xt_limit
|
|
||||||
loadmodule xt_mac
|
|
||||||
loadmodule xt_mark
|
|
||||||
loadmodule xt_MARK
|
|
||||||
loadmodule xt_multiport
|
|
||||||
loadmodule xt_NFQUEUE
|
|
||||||
loadmodule xt_owner
|
|
||||||
loadmodule xt_physdev
|
|
||||||
loadmodule xt_pkttype
|
|
||||||
loadmodule xt_policy
|
|
||||||
loadmodule xt_sctp
|
|
||||||
loadmodule xt_tcpmss
|
|
||||||
loadmodule xt_TCPMSS
|
|
||||||
loadmodule xt_time
|
|
||||||
loadmodule xt_IPMARK
|
|
||||||
loadmodule xt_TPROXY
|
|
||||||
#
|
#
|
||||||
# Helpers
|
# Helpers
|
||||||
#
|
#
|
||||||
loadmodule nf_conntrack_amanda
|
INCLUDE helpers
|
||||||
loadmodule nf_conntrack_ftp
|
|
||||||
loadmodule nf_conntrack_h323
|
|
||||||
loadmodule nf_conntrack_irc
|
|
||||||
loadmodule nf_conntrack_netbios_ns
|
|
||||||
loadmodule nf_conntrack_netbios_ns
|
|
||||||
loadmodule nf_conntrack_netlink
|
|
||||||
loadmodule nf_conntrack_pptp
|
|
||||||
loadmodule nf_conntrack_proto_sctp
|
|
||||||
loadmodule nf_conntrack_proto_udplite
|
|
||||||
loadmodule nf_conntrack_sane
|
|
||||||
loadmodule nf_conntrack_sip
|
|
||||||
loadmodule nf_conntrack_pptp
|
|
||||||
loadmodule nf_conntrack_proto_gre
|
|
||||||
loadmodule nf_conntrack_proto_sctp
|
|
||||||
loadmodule nf_conntrack_sip
|
|
||||||
loadmodule nf_conntrack_tftp
|
|
||||||
loadmodule nf_conntrack_sane
|
|
||||||
#
|
#
|
||||||
# Traffic Shaping
|
# Traffic Shaping
|
||||||
#
|
#
|
||||||
loadmodule sch_sfq
|
INCLUDE modules.tc
|
||||||
loadmodule sch_ingress
|
|
||||||
loadmodule sch_htb
|
|
||||||
loadmodule sch_hfsc
|
|
||||||
loadmodule sch_prio
|
|
||||||
loadmodule sch_tbf
|
|
||||||
loadmodule cls_u32
|
|
||||||
loadmodule cls_fw
|
|
||||||
loadmodule cls_flow
|
|
||||||
loadmodule act_police
|
|
||||||
#
|
#
|
||||||
# Extensions
|
# Extensions
|
||||||
#
|
#
|
||||||
loadmodule ip6_queue
|
INCLUDE modules.extensions
|
||||||
|
|||||||
27
Shorewall6/modules.essential
Normal file
27
Shorewall6/modules.essential
Normal file
@ -0,0 +1,27 @@
|
|||||||
|
#
|
||||||
|
# Shorewall6 version 4 - Essential Modules File
|
||||||
|
#
|
||||||
|
# /usr/share/shorewall6/modules.essential
|
||||||
|
#
|
||||||
|
# This file loads the modules that may be needed by the firewall.
|
||||||
|
#
|
||||||
|
# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
|
||||||
|
# dependency order. i.e., if M2 depends on M1 then you must load M1
|
||||||
|
# before you load M2.
|
||||||
|
#
|
||||||
|
# If you need to modify this file, copy it to /etc/shorewall and modify the
|
||||||
|
# copy.
|
||||||
|
#
|
||||||
|
###############################################################################
|
||||||
|
loadmodule nfnetlink
|
||||||
|
loadmodule x_tables
|
||||||
|
loadmodule ip6_tables
|
||||||
|
loadmodule ip6table_filter
|
||||||
|
loadmodule ip6table_mangle
|
||||||
|
loadmodule ip6table_raw
|
||||||
|
loadmodule xt_conntrack
|
||||||
|
loadmodule nf_conntrack_ipv6
|
||||||
|
loadmodule xt_state
|
||||||
|
loadmodule xt_tcpudp
|
||||||
|
loadmodule ip6t_REJECT
|
||||||
|
loadmodule ip6t_LOG
|
||||||
16
Shorewall6/modules.extensions
Normal file
16
Shorewall6/modules.extensions
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
#
|
||||||
|
# Shorewall6 version 4 - Extensions Modules File
|
||||||
|
#
|
||||||
|
# /usr/share/shorewall6/modules.extension
|
||||||
|
#
|
||||||
|
# This file loads the modules that may be needed by the firewall.
|
||||||
|
#
|
||||||
|
# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
|
||||||
|
# dependency order. i.e., if M2 depends on M1 then you must load M1
|
||||||
|
# before you load M2.
|
||||||
|
#
|
||||||
|
# If you need to modify this file, copy it to /etc/shorewall and modify the
|
||||||
|
# copy.
|
||||||
|
#
|
||||||
|
###############################################################################
|
||||||
|
loadmodule ip6_queue
|
||||||
25
Shorewall6/modules.tc
Normal file
25
Shorewall6/modules.tc
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
#
|
||||||
|
# Shorewall6 version 4 - Traffic Shaping Modules File
|
||||||
|
#
|
||||||
|
# /usr/share/shorewall6/modules.tc
|
||||||
|
#
|
||||||
|
# This file loads the modules that may be needed by the firewall.
|
||||||
|
#
|
||||||
|
# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
|
||||||
|
# dependency order. i.e., if M2 depends on M1 then you must load M1
|
||||||
|
# before you load M2.
|
||||||
|
#
|
||||||
|
# If you need to modify this file, copy it to /etc/shorewall and modify the
|
||||||
|
# copy.
|
||||||
|
#
|
||||||
|
###############################################################################
|
||||||
|
loadmodule sch_sfq
|
||||||
|
loadmodule sch_ingress
|
||||||
|
loadmodule sch_htb
|
||||||
|
loadmodule sch_hfsc
|
||||||
|
loadmodule sch_prio
|
||||||
|
loadmodule sch_tbf
|
||||||
|
loadmodule cls_u32
|
||||||
|
loadmodule cls_fw
|
||||||
|
loadmodule cls_flow
|
||||||
|
loadmodule act_police
|
||||||
42
Shorewall6/modules.xtables
Normal file
42
Shorewall6/modules.xtables
Normal file
@ -0,0 +1,42 @@
|
|||||||
|
#
|
||||||
|
# Shorewall6 version 4 - Xtables Modules File
|
||||||
|
#
|
||||||
|
# /usr/share/shorewall6/modules.xtables
|
||||||
|
#
|
||||||
|
# This file loads the modules that may be needed by the firewall.
|
||||||
|
#
|
||||||
|
# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
|
||||||
|
# dependency order. i.e., if M2 depends on M1 then you must load M1
|
||||||
|
# before you load M2.
|
||||||
|
#
|
||||||
|
# If you need to modify this file, copy it to /etc/shorewall and modify the
|
||||||
|
# copy.
|
||||||
|
#
|
||||||
|
###############################################################################
|
||||||
|
loadmodule xt_CLASSIFY
|
||||||
|
loadmodule xt_connmark
|
||||||
|
loadmodule xt_CONNMARK
|
||||||
|
loadmodule xt_conntrack
|
||||||
|
loadmodule xt_dccp
|
||||||
|
loadmodule xt_dscp
|
||||||
|
loadmodule xt_DSCP
|
||||||
|
loadmodule xt_hashlimit
|
||||||
|
loadmodule xt_helper
|
||||||
|
loadmodule xt_iprange
|
||||||
|
loadmodule xt_length
|
||||||
|
loadmodule xt_limit
|
||||||
|
loadmodule xt_mac
|
||||||
|
loadmodule xt_mark
|
||||||
|
loadmodule xt_MARK
|
||||||
|
loadmodule xt_multiport
|
||||||
|
loadmodule xt_NFQUEUE
|
||||||
|
loadmodule xt_owner
|
||||||
|
loadmodule xt_physdev
|
||||||
|
loadmodule xt_pkttype
|
||||||
|
loadmodule xt_policy
|
||||||
|
loadmodule xt_sctp
|
||||||
|
loadmodule xt_tcpmss
|
||||||
|
loadmodule xt_TCPMSS
|
||||||
|
loadmodule xt_time
|
||||||
|
loadmodule xt_IPMARK
|
||||||
|
loadmodule xt_TPROXY
|
||||||
@ -85,7 +85,7 @@ fi
|
|||||||
%attr(0644,root,root) /usr/share/shorewall6/lib.cli
|
%attr(0644,root,root) /usr/share/shorewall6/lib.cli
|
||||||
%attr(0644,root,root) /usr/share/shorewall6/lib.common
|
%attr(0644,root,root) /usr/share/shorewall6/lib.common
|
||||||
%attr(0644,root,root) /usr/share/shorewall6/macro.*
|
%attr(0644,root,root) /usr/share/shorewall6/macro.*
|
||||||
%attr(0644,root,root) /usr/share/shorewall6/modules
|
%attr(0644,root,root) /usr/share/shorewall6/modules*
|
||||||
%attr(0644,root,root) /usr/share/shorewall6/helpers
|
%attr(0644,root,root) /usr/share/shorewall6/helpers
|
||||||
%attr(0644,root,root) /usr/share/shorewall6/configpath
|
%attr(0644,root,root) /usr/share/shorewall6/configpath
|
||||||
%attr(0755,root,root) /usr/share/shorewall6/wait4ifup
|
%attr(0755,root,root) /usr/share/shorewall6/wait4ifup
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user