diff --git a/Samples/Universal/shorewall.conf b/Samples/Universal/shorewall.conf
index 32bbcefc0..56f365329 100644
--- a/Samples/Universal/shorewall.conf
+++ b/Samples/Universal/shorewall.conf
@@ -194,6 +194,8 @@ FORWARD_CLEAR_MARK=
COMPLETE=Yes
+USE_LOCAL_MODULES=Yes
+
###############################################################################
# P A C K E T D I S P O S I T I O N
###############################################################################
diff --git a/Samples/one-interface/shorewall.conf b/Samples/one-interface/shorewall.conf
index 1f6622689..6f54575b2 100644
--- a/Samples/one-interface/shorewall.conf
+++ b/Samples/one-interface/shorewall.conf
@@ -205,6 +205,8 @@ FORWARD_CLEAR_MARK=
COMPLETE=No
+USE_LOCAL_MODULES=Yes
+
###############################################################################
# P A C K E T D I S P O S I T I O N
###############################################################################
diff --git a/Samples/three-interfaces/shorewall.conf b/Samples/three-interfaces/shorewall.conf
index 416a8cd96..5b895380a 100644
--- a/Samples/three-interfaces/shorewall.conf
+++ b/Samples/three-interfaces/shorewall.conf
@@ -205,6 +205,8 @@ FORWARD_CLEAR_MARK=
COMPLETE=No
+USE_LOCAL_MODULES=Yes
+
###############################################################################
# P A C K E T D I S P O S I T I O N
###############################################################################
diff --git a/Samples/two-interfaces/shorewall.conf b/Samples/two-interfaces/shorewall.conf
index a67fa4dcf..24dfc8eda 100644
--- a/Samples/two-interfaces/shorewall.conf
+++ b/Samples/two-interfaces/shorewall.conf
@@ -212,6 +212,8 @@ FORWARD_CLEAR_MARK=
COMPLETE=No
+USE_LOCAL_MODULES=Yes
+
###############################################################################
# P A C K E T D I S P O S I T I O N
###############################################################################
diff --git a/Samples6/Universal/shorewall6.conf b/Samples6/Universal/shorewall6.conf
index b0997c617..d0956973b 100644
--- a/Samples6/Universal/shorewall6.conf
+++ b/Samples6/Universal/shorewall6.conf
@@ -157,6 +157,8 @@ FORWARD_CLEAR_MARK=
COMPLETE=Yes
+USE_LOCAL_MODULES=Yes
+
###############################################################################
# P A C K E T D I S P O S I T I O N
###############################################################################
diff --git a/Samples6/one-interface/shorewall6.conf b/Samples6/one-interface/shorewall6.conf
index 8723366fc..fefd8a4f8 100644
--- a/Samples6/one-interface/shorewall6.conf
+++ b/Samples6/one-interface/shorewall6.conf
@@ -159,6 +159,8 @@ FORWARD_CLEAR_MARK=
COMPLETE=No
+USE_LOCAL_MODULES=Yes
+
##############################################################################
# P A C K E T D I S P O S I T I O N
###############################################################################
diff --git a/Samples6/three-interfaces/shorewall6.conf b/Samples6/three-interfaces/shorewall6.conf
index bd64d6007..dd61b8df3 100644
--- a/Samples6/three-interfaces/shorewall6.conf
+++ b/Samples6/three-interfaces/shorewall6.conf
@@ -159,6 +159,8 @@ FORWARD_CLEAR_MARK=
COMPLETE=No
+USE_LOCAL_MODULES=Yes
+
###############################################################################
# P A C K E T D I S P O S I T I O N
###############################################################################
diff --git a/Samples6/two-interfaces/shorewall6.conf b/Samples6/two-interfaces/shorewall6.conf
index 04a862281..c1ae98424 100644
--- a/Samples6/two-interfaces/shorewall6.conf
+++ b/Samples6/two-interfaces/shorewall6.conf
@@ -159,6 +159,8 @@ FORWARD_CLEAR_MARK=
COMPLETE=No
+USE_LOCAL_MODULES=Yes
+
###############################################################################
# P A C K E T D I S P O S I T I O N
###############################################################################
diff --git a/Shorewall/Perl/Shorewall/Compiler.pm b/Shorewall/Perl/Shorewall/Compiler.pm
index 2a9ffb911..4c09e34fa 100644
--- a/Shorewall/Perl/Shorewall/Compiler.pm
+++ b/Shorewall/Perl/Shorewall/Compiler.pm
@@ -337,9 +337,9 @@ sub generate_script_3($) {
save_progress_message 'Initializing...';
if ( $export ) {
- my $fn = find_file $config{LOAD_HELPERS_ONLY} ? 'helpers' : 'modules';
+ my $fn = find_file( $config{LOAD_HELPERS_ONLY} ? 'helpers' : 'modules' );
- if ( -f $fn && ! $fn =~ "^$globals{SHAREDIR}/" ) {
+ if ( -f $fn && ( $config{USE_LOCAL_MODULES} || ! $fn =~ "^$globals{SHAREDIR}/" ) ) {
emit 'echo MODULESDIR="$MODULESDIR" > ${VARDIR}/.modulesdir';
emit 'cat > ${VARDIR}/.modules << EOF';
open_file $fn;
diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm
index 1dd63ae00..2a89901f8 100644
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@@ -483,6 +483,7 @@ sub initialize( $ ) {
REQUIRE_INTERFACE => undef,
FORWARD_CLEAR_MARK => undef,
COMPLETE => undef,
+ USE_LOCAL_MODULES => undef,
#
# Packet Disposition
#
@@ -3204,6 +3205,7 @@ sub get_configuration( $ ) {
default_yes_no 'REQUIRE_INTERFACE' , '';
default_yes_no 'FORWARD_CLEAR_MARK' , have_capability 'MARK' ? 'Yes' : '';
default_yes_no 'COMPLETE' , '';
+ default_yes_no 'USE_LOCAL_MODULES' , '';
require_capability 'MARK' , 'FOREWARD_CLEAR_MARK=Yes', 's', if $config{FORWARD_CLEAR_MARK};
diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt
index f68bb1822..3904c5df4 100644
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@@ -8,6 +8,8 @@ Changes in Shorewall 4.4.17 Beta 1
4) Add sch_prio to modules file.
+5) Add 'USE_LOCAL_MODULES' option.
+
Changes in Shorewall 4.4.17 Beta 1
1) Improve readability of logging logic in expand_rule().
diff --git a/Shorewall/configfiles/shorewall.conf b/Shorewall/configfiles/shorewall.conf
index 96e7b2ab6..bee3cd58b 100644
--- a/Shorewall/configfiles/shorewall.conf
+++ b/Shorewall/configfiles/shorewall.conf
@@ -194,6 +194,8 @@ FORWARD_CLEAR_MARK=
COMPLETE=No
+USE_LOCAL_MODULES=Yes
+
###############################################################################
# P A C K E T D I S P O S I T I O N
###############################################################################
diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt
index 29a75c771..03c3814dd 100644
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@@ -77,13 +77,22 @@ Beta 1
stopped
tcclear
- The directive is executed during compilation so that the INCLUDEd
- file(s) is(are) copied into the generated script. This same
- technique is also now used for INCLUDE directives in the params
- file when EXPORTPARAMS=Yes. Previously, INCLUDE directives in that
- file were strongly discouraged with EXPORTPARAMS=Yes because the
- INCLUDE was performed on the firewall system rather than on the
- administrative system.
+ The directive is executed during compilation so that the INCLUDEd
+ file(s) is(are) copied into the generated script. This same
+ technique is also now used for INCLUDE directives in the params
+ file when EXPORTPARAMS=Yes. Previously, INCLUDE directives in that
+ file were strongly discouraged with EXPORTPARAMS=Yes because the
+ INCLUDE was performed on the firewall system rather than on the
+ administrative system.
+
+3) Traditionally, the -lite products have used the modules (or
+ helpers) file on the firewall system unless there is a modules (or
+ helpers) file in the configuration directory. This release
+ introduces the USE_LOCAL_MODULES option in shorewall[6].conf.
+
+ When USE_LOCAL_MODULES=Yes, the modules (helpers) file on the
+ administrative system will be used to determine the set of modules
+ loaded.
----------------------------------------------------------------------------
I V. R E L E A S E 4 . 4 H I G H L I G H T S
diff --git a/Shorewall6/shorewall6.conf b/Shorewall6/shorewall6.conf
index 7a5bbbbbb..e1bbfc578 100644
--- a/Shorewall6/shorewall6.conf
+++ b/Shorewall6/shorewall6.conf
@@ -157,6 +157,8 @@ FORWARD_CLEAR_MARK=Yes
COMPLETE=No
+USE_LOCAL_MODULES=Yes
+
###############################################################################
# P A C K E T D I S P O S I T I O N
###############################################################################
diff --git a/docs/CompiledPrograms.xml b/docs/CompiledPrograms.xml
index b33f7877b..cfbc984fe 100644
--- a/docs/CompiledPrograms.xml
+++ b/docs/CompiledPrograms.xml
@@ -443,6 +443,12 @@ clean:
must place a copy of the appropriate file
(modules or helpers) in the
firewall's configuration directory before compilation.
+
+ In Shorewall 4.4.17, the USE_LOCAL_MODULES option was added to
+ shorewall.conf (and shorewall6.conf). When USE_LOCAL_MODULES=Yes, any
+ modules or helpers file
+ found on the CONFIG_PATH on the Administrative System during
+ compilation will be used.
diff --git a/manpages/shorewall.conf.xml b/manpages/shorewall.conf.xml
index 189d6b4cd..fcfeb4385 100644
--- a/manpages/shorewall.conf.xml
+++ b/manpages/shorewall.conf.xml
@@ -555,7 +555,7 @@ net all DROP infothen the chain name is 'net2all'
Beginning with Shorewall 4.4.17, the variables set in the
'params' file at compile time are available at run time with
EXPORTPARAMS=No. As a consequence, beginning with that version the
- recommended setting is EXPORTPARAMS=No.
+ recommended setting is EXPORTPARAMS=No.
It is quite difficult to code a 'params' file that assigns
other than constant values such that it works correctly with
@@ -1845,6 +1845,22 @@ net all DROP infothen the chain name is 'net2all'
+
+ USE_LOCAL_MODULES=[Yes|No]
+
+
+ Added in Shorewall 4.4.17. When set to Yes when compiling for
+ use by Shorewall LIte (shorewall load,
+ shorewall reload or shorewall
+ export commands), the compiler will copy the modules or
+ helpers file from the administrative system into the script. When
+ set to No or not specified, the compiler will not copy the modules
+ or helpers file from /usr/share/shorewall but
+ will copy the found in another location on the CONFIG_PATH.
+
+
+
VERBOSITY=[number]
diff --git a/manpages6/shorewall6.conf.xml b/manpages6/shorewall6.conf.xml
index 39cee1c93..08181f458 100644
--- a/manpages6/shorewall6.conf.xml
+++ b/manpages6/shorewall6.conf.xml
@@ -472,7 +472,7 @@ net all DROP infothen the chain name is 'net2all'
Beginning with Shorewall 4.4.17, the variables set in the
'params' file at compile time are available at run time with
EXPORTPARAMS=No. As a consequence, beginning with that version the
- recommended setting is EXPORTPARAMS=No.
+ recommended setting is EXPORTPARAMS=No.
It is quite difficult to code a 'params' file that assigns
other than constant values such that it works correctly with
@@ -1492,6 +1492,22 @@ net all DROP infothen the chain name is 'net2all'
+
+ USE_LOCAL_MODULES=[Yes|No]
+
+
+ Added in Shorewall 4.4.17. When set to Yes when compiling for
+ use by Shorewall6 LIte (shorewall6 load,
+ shorewall6 reload or shorewall6
+ export commands), the compiler will copy the modules or
+ helpers file from the administrative system into the script. When
+ set to No or not specified, the compiler will not copy the modules
+ or helpers file from /usr/share/shorewall6 but
+ will copy the found in another location on the CONFIG_PATH.
+
+
+
VERBOSITY=[number]