diff --git a/Shorewall/Perl/Shorewall/Misc.pm b/Shorewall/Perl/Shorewall/Misc.pm
index 5367ae11c..140218d3c 100644
--- a/Shorewall/Perl/Shorewall/Misc.pm
+++ b/Shorewall/Perl/Shorewall/Misc.pm
@@ -554,9 +554,11 @@ sub add_common_rules() {
 if ( @filters ) {
 add_ijump( $chainref , @ipsec ? 'j' : 'g' => $target1, imatch_source_net( $_ ), @ipsec ), $chainref->{filtered}++ for @filters;
+ $interfaceref->{options}{use_forward_chain} = 1;
 } elsif ( $interfaceref->{bridge} eq $interface ) {
 add_ijump( $chainref , @ipsec ? 'j' : 'g' => $target1, imatch_dest_dev( $interface ), @ipsec ), $chainref->{filtered}++ unless $interfaceref->{options}{routeback} || $interfaceref->{options}{routefilter} || $interfaceref->{physical} eq '+';
+ $interfaceref->{options}{use_forward_chain} = 1;
 }
 add_ijump( $chainref, j => 'ACCEPT', state_imatch 'ESTABLISHED,RELATED' ), $chainref->{filtered}++ if $config{FASTACCEPT};
@@ -566,6 +568,7 @@ sub add_common_rules() {
 if ( @filters ) {
 add_ijump( $chainref , g => $target, imatch_source_net( $_ ), @ipsec ), $chainref->{filtered}++ for @filters;
+ $interfaceref->{options}{use_input_chain} = 1;
 }
 add_ijump( $chainref, j => 'ACCEPT', state_imatch 'ESTABLISHED,RELATED' ), $chainref->{filtered}++ if $config{FASTACCEPT};
diff --git a/Shorewall/Perl/prog.header6 b/Shorewall/Perl/prog.header6
index e6ad5b847..617611b2a 100644
--- a/Shorewall/Perl/prog.header6
+++ b/Shorewall/Perl/prog.header6
@@ -822,6 +822,9 @@ debug_restore_input() {
 '*'raw)
 table=raw
 ;;
+ '*'rawpost)
+ table=rawpost
+ ;;
 '*'mangle)
 table=mangle
 ;;
diff --git a/Shorewall/lib.common b/Shorewall/lib.common
index 1f61b77ba..80bc0c9a7 100644
--- a/Shorewall/lib.common
+++ b/Shorewall/lib.common
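Review bot: In the `elsif ( $interfaceref->{bridge} eq $interface )` branch of the first Misc.pm hunk, the added `$interfaceref->{options}{use_forward_chain} = 1;` is a statement of its own, so it runs even when the `unless ...{routeback} || ...{routefilter} || ...{physical} eq '+'` modifier has skipped the `add_ijump` and no filter jump was added to the chain. If the flag is only needed when a filter rule was actually placed, it should carry the same condition as the jump; if setting it for every bridge interface is intended, a short comment saying so would stop a later reader from treating it as an oversight. All three new assignments (including `use_input_chain` in the second hunk) are also undocumented; something like `# the filter jumps live in this interface's chain, so the chain must stay in the packet path` would record why they exist, assuming that is what the option controls, which the hunks do not show. `add_common_rules` begins and ends outside both hunks.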
@@ -294,7 +294,7 @@ reload_kernel_modules() {
 uname=$(uname -r) && \
 MODULESDIR=/lib/modules/$uname/kernel/net/ipv4/netfilter:/lib/modules/$uname/kernel/net/netfilter:/lib/modules/$uname/kernel/net/sched:/lib/modules/$uname/extra:/lib/modules/$uname/extra/ipset
- MODULES=$(lsmod | cut -d ' ' -f1)
+ [ -d /sys/module/ ] || MODULES=$(lsmod | cut -d ' ' -f1)
 for directory in $(split $MODULESDIR); do
 [ -d $directory ] && moduledirectories="$moduledirectories $directory"
@@ -340,7 +340,7 @@ load_kernel_modules() # $1 = Yes, if we are to save moduleinfo in $VARDIR
 [ -n "$LOAD_HELPERS_ONLY" ] && modules=$(find_file helpers) || modules=$(find_file modules)
 if [ -f $modules -a -n "$moduledirectories" ]; then
- MODULES=$(lsmod | cut -d ' ' -f1)
+ [ -d /sys/module/ ] || MODULES=$(lsmod | cut -d ' ' -f1)
 progress_message "Loading Modules..."
 . $modules
 if [ $savemoduleinfo = Yes ]; then
diff --git a/Shorewall6/lib.common b/Shorewall6/lib.common
index dfe2c700d..2c84d0f9a 100644
--- a/Shorewall6/lib.common
+++ b/Shorewall6/lib.common
@@ -312,7 +312,7 @@ reload_kernel_modules() {
 [ -n "${MODULE_SUFFIX:=ko ko.gz o o.gz gz}" ]
 [ -z "$MODULESDIR" ] && MODULESDIR=/lib/modules/$(uname -r)/kernel/net/ipv6/netfilter:/lib/modules/$(uname -r)/kernel/net/netfilter:/lib/modules/$(uname -r)/kernel/net/sched
- MODULES=$(lsmod | cut -d ' ' -f1)
+ [ -d /sys/module/ ] || MODULES=$(lsmod | cut -d ' ' -f1)
 for directory in $(split $MODULESDIR); do
 [ -d $directory ] && moduledirectories="$moduledirectories $directory"
@@ -356,7 +356,7 @@ load_kernel_modules() # $1 = Yes, if we are to save moduleinfo in $VARDIR
 [ -n "$LOAD_HELPERS_ONLY" ] && modules=$(find_file helpers) || modules=$(find_file modules)
 if [ -f $modules -a -n "$moduledirectories" ]; then
- MODULES=$(lsmod | cut -d ' ' -f1)
+ [ -d /sys/module/ ] || MODULES=$(lsmod | cut -d ' ' -f1)
 progress_message "Loading Modules..."
 . $modules
 if [ $savemoduleinfo = Yes ]; then
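Review bot: With `[ -d /sys/module/ ] || MODULES=$(lsmod | cut -d ' ' -f1)`, `MODULES` is no longer assigned at all when `/sys/module/` exists, so it keeps whatever value it already had, whether from the environment, a sourced configuration file, or an earlier call. Both functions go on to source `$modules`, and any code reached from there that still reads `$MODULES` would then decide what is already loaded from a stale or caller-supplied list; that consumer is outside the hunks, so this needs confirming rather than assuming. Assigning in both cases removes the doubt: `if [ -d /sys/module/ ]; then MODULES=; else MODULES=$(lsmod | cut -d ' ' -f1); fi`. The same line is added in all four hunks (`reload_kernel_modules` and `load_kernel_modules` in both `Shorewall/lib.common` and `Shorewall6/lib.common`), and each function body continues outside its hunk.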
diff --git a/docs/FAQ.xml b/docs/FAQ.xml index 8bb37055b..16a72ff5a 100644 --- a/docs/FAQ.xml +++ b/docs/FAQ.xml @@ -1596,7 +1596,7 @@ teastep@ursa:~$ The first number determines the maximum log - filter + sfilter On systems running Shorewall 4.4.20 or later, either the @@ -1604,7 +1604,7 @@ teastep@ursa:~$ The first number determines the maximum log url="manpages/shorewall-interfaces.html">interface option or it is being routed out of the same interface on which it arrived and the interface does not have the - routeback or interface option.