holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Fix module load/detect capability order

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1366 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2004-05-28 00:08:14 +00:00
parent 102743a0e3
commit 666ae8701f
3 changed files with 26 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
STABLE2/changelog.txt
View File

@ -69,3 +69,5 @@ Changes since 2.0.1
33) Create /var/lib/shorewall if it doesn't exist. 33) Create /var/lib/shorewall if it doesn't exist.
34) Fix dynamic in chains in the nat table. 34) Fix dynamic in chains in the nat table.
35) Load modules before detecting capabilities.

38
STABLE2/firewall
View File

@ -2285,7 +2285,7 @@ check_config() {
verify_os_version verify_os_version
load_kernel_modules load_kernel_modules check
echo "Determining Zones..." echo "Determining Zones..."
@ -4527,30 +4527,32 @@ add_ip_aliases()
# #
# Load kernel modules required for Shorewall # Load kernel modules required for Shorewall
# #
load_kernel_modules() { load_kernel_modules() #1 = command
{
[ -z "$MODULESDIR" ] && \ [ -z "$MODULESDIR" ] && \
MODULESDIR=/lib/modules/$osversion/kernel/net/ipv4/netfilter MODULESDIR=/lib/modules/$(uname -r)/kernel/net/ipv4/netfilter
modules=$(find_file modules) modules=$(find_file modules)
if [ -f $modules -a -d $MODULESDIR ]; then if [ -f $modules -a -d $MODULESDIR ]; then
echo "Loading Modules..." [ "$1" = silent ] || echo "Loading Modules..."
. $modules . $modules
case $1 in
start|restart)
save_command "reload_kernel_modules <<EOF"
if [ "$command" != check ]; then while read command; do
save_command "reload_kernel_modules <<EOF" case "$command" in
loadmodule*)
while read command; do save_command $command
case "$command" in ;;
loadmodule*) esac
save_command $command done < $modules
;;
esac
done < $modules
save_command EOF save_command EOF
fi ;;
esac
fi fi
} }
@ -5410,7 +5412,7 @@ define_firewall() # $1 = Command (Start or Restart)
save_command "MODULESDIR=\"$MODULESDIR\"" save_command "MODULESDIR=\"$MODULESDIR\""
save_command "MODULE_SUFFIX=\"$MODULE_SUFFIX\"" save_command "MODULE_SUFFIX=\"$MODULE_SUFFIX\""
load_kernel_modules load_kernel_modules $command
echo "Initializing..."; initialize_netfilter echo "Initializing..."; initialize_netfilter
echo "Configuring Proxy ARP"; setup_proxy_arp echo "Configuring Proxy ARP"; setup_proxy_arp
@ -5934,7 +5936,9 @@ do_initialize() {
ensure_config_path ensure_config_path
# #
# Determine the capabilities of the installed iptables/netfilter # Determine the capabilities of the installed iptables/netfilter
# We silently load the modules
# #
qt load_kernel_modules silent
determine_capabilities determine_capabilities
[ -z "${STATEDIR}" ] && STATEDIR=/var/state/shorewall [ -z "${STATEDIR}" ] && STATEDIR=/var/state/shorewall

3
STABLE2/releasenotes.txt
View File

@ -34,6 +34,9 @@ Problems Corrected since 2.0.2
used, these rules cause the rule to be checked against ALL input, used, these rules cause the rule to be checked against ALL input,
not just input from the designated zone. not just input from the designated zone.
6) Shorewall checks netfilter capabilities before loading kernel
modules. Hence if kernel module autoloading isn't enabled, the
capabilities will be misdetected.
----------------------------------------------------------------------- -----------------------------------------------------------------------
Issues when migrating from Shorewall 2.0.1 to Shorewall 2.0.2: Issues when migrating from Shorewall 2.0.1 to Shorewall 2.0.2: