Fix module load/detect capability order
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1366 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
102743a0e3
commit
666ae8701f
@ -69,3 +69,5 @@ Changes since 2.0.1
|
||||
33) Create /var/lib/shorewall if it doesn't exist.
|
||||
|
||||
34) Fix dynamic in chains in the nat table.
|
||||
|
||||
35) Load modules before detecting capabilities.
|
||||
|
@ -2285,7 +2285,7 @@ check_config() {
|
||||
|
||||
verify_os_version
|
||||
|
||||
load_kernel_modules
|
||||
load_kernel_modules check
|
||||
|
||||
echo "Determining Zones..."
|
||||
|
||||
@ -4527,30 +4527,32 @@ add_ip_aliases()
|
||||
#
|
||||
# Load kernel modules required for Shorewall
|
||||
#
|
||||
load_kernel_modules() {
|
||||
load_kernel_modules() #1 = command
|
||||
{
|
||||
|
||||
[ -z "$MODULESDIR" ] && \
|
||||
MODULESDIR=/lib/modules/$osversion/kernel/net/ipv4/netfilter
|
||||
MODULESDIR=/lib/modules/$(uname -r)/kernel/net/ipv4/netfilter
|
||||
|
||||
modules=$(find_file modules)
|
||||
|
||||
if [ -f $modules -a -d $MODULESDIR ]; then
|
||||
echo "Loading Modules..."
|
||||
[ "$1" = silent ] || echo "Loading Modules..."
|
||||
. $modules
|
||||
case $1 in
|
||||
start|restart)
|
||||
save_command "reload_kernel_modules <<EOF"
|
||||
|
||||
if [ "$command" != check ]; then
|
||||
save_command "reload_kernel_modules <<EOF"
|
||||
|
||||
while read command; do
|
||||
case "$command" in
|
||||
loadmodule*)
|
||||
save_command $command
|
||||
;;
|
||||
esac
|
||||
done < $modules
|
||||
while read command; do
|
||||
case "$command" in
|
||||
loadmodule*)
|
||||
save_command $command
|
||||
;;
|
||||
esac
|
||||
done < $modules
|
||||
|
||||
save_command EOF
|
||||
fi
|
||||
save_command EOF
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
}
|
||||
|
||||
@ -5410,7 +5412,7 @@ define_firewall() # $1 = Command (Start or Restart)
|
||||
save_command "MODULESDIR=\"$MODULESDIR\""
|
||||
save_command "MODULE_SUFFIX=\"$MODULE_SUFFIX\""
|
||||
|
||||
load_kernel_modules
|
||||
load_kernel_modules $command
|
||||
|
||||
echo "Initializing..."; initialize_netfilter
|
||||
echo "Configuring Proxy ARP"; setup_proxy_arp
|
||||
@ -5934,7 +5936,9 @@ do_initialize() {
|
||||
ensure_config_path
|
||||
#
|
||||
# Determine the capabilities of the installed iptables/netfilter
|
||||
# We silently load the modules
|
||||
#
|
||||
qt load_kernel_modules silent
|
||||
determine_capabilities
|
||||
|
||||
[ -z "${STATEDIR}" ] && STATEDIR=/var/state/shorewall
|
||||
|
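Review bot: In load_kernel_modules, the `while read command` loop reuses the name `command`, which appears to be the script-wide variable that define_firewall passes in as `load_kernel_modules $command`; in a POSIX shell a redirected loop runs in the current shell, so after the loop `command` is left empty for whatever define_firewall does next. The loop is carried over from the old code, but now that the function takes the command as `$1`, a private name is the natural fix: `while read modcmd; do`, `case "$modcmd" in`, `save_command $modcmd`. Separately, `[ -f $modules -a -d $MODULESDIR ]` and `. $modules` leave both variables unquoted in a function that do_initialize now calls before capability detection; quoting them (`. "$modules"`) keeps an empty or space-containing path from changing what the test sees or which file the firewall script sources. Old and new sides are inferred here from the hunk counts and print order, since the page has lost its +/- markers.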
@ -34,6 +34,9 @@ Problems Corrected since 2.0.2
|
||||
used, these rules cause the rule to be checked against ALL input,
|
||||
not just input from the designated zone.
|
||||
|
||||
6) Shorewall checks netfilter capabilities before loading kernel
|
||||
modules. Hence if kernel module autoloading isn't enabled, the
|
||||
capabilities will be misdetected.
|
||||
-----------------------------------------------------------------------
|
||||
Issues when migrating from Shorewall 2.0.1 to Shorewall 2.0.2:
|
||||
|
||||
|