shorewall-modules 5 Configuration Files modules Shorewall file /usr/share/shorewall[6]/modules /usr/share/shorewall[6]/helpers These files specify which kernel modules Shorewall will load before trying to determine your iptables/kernel's capabilities. The modules file is used when LOAD_HELPERS_ONLY=No in shorewall.conf(8); the helpers file is used when LOAD_HELPERS_ONLY=Yes Beginning with Shorewall 5.2.3, the LOAD_HELPERS_ONLY option has been removed and the behavior is the same as if LOAD_HELPERS_ONLY=Yes was specified. Each record in the files has the following format: loadmodule modulename moduleoption The modulename names a kernel module (without suffix). Shorewall will search for modules based on your MODULESDIR setting in shorewall.conf(8). The moduleoptions are passed to modprobe (if installed) or to insmod. The /usr/share/shorewall/modules file contains a large number of modules. Users are encouraged to copy the file to /etc/shorewall/modules and modify the copy to load only the modules required or to use LOAD_HELPERS_ONLY=Yes. If you build monolithic kernels and have not installed module-init-tools, then create an empty /etc/shorewall/modules file; that will prevent Shorewall from trying to load modules at all. loadmodule ip_conntrack_ftp ports=21,221 /usr/share/shorewall/modules /usr/share/shorewall/helpers /etc/shorewall/modules /etc/shorewall/helpers /usr/share/shorewall6/modules /usr/share/shorewall6/helpers /etc/shorewall6/modules /etc/shorewall6/helpers shorewall(8)