From 946602bc1ccd0c4b7ece8676929e08ee1cc55f84 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Sun, 6 Feb 2011 08:15:50 -0800 Subject: [PATCH] Modules file breakup for IPv6 Signed-off-by: Tom Eastep --- Shorewall/releasenotes.txt | 18 +++---- Shorewall6-lite/install.sh | 5 ++ Shorewall6-lite/shorewall6-lite.spec | 2 +- Shorewall6/install.sh | 5 ++ Shorewall6/modules | 73 ++-------------------------- Shorewall6/modules.essential | 27 ++++++++++ Shorewall6/modules.extensions | 16 ++++++ Shorewall6/modules.tc | 25 ++++++++++ Shorewall6/modules.xtables | 42 ++++++++++++++++ Shorewall6/shorewall6.spec | 2 +- 10 files changed, 136 insertions(+), 79 deletions(-) create mode 100644 Shorewall6/modules.essential create mode 100644 Shorewall6/modules.extensions create mode 100644 Shorewall6/modules.tc create mode 100644 Shorewall6/modules.xtables diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index ca8b2a840..9b86e508f 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt 
@@ -26,19 +26,19 @@ None. I I I. N E W F E A T U R E S I N T H I S R E L E A S E ---------------------------------------------------------------------------- -1) The modules file is now just a driver that INCLUDEs several new +1) The modules files are now just a driver that INCLUDE several new files and one old file: - - /usr/share/shorewall/modules.essential # Essential modules - - /usr/share/shorewall/modules.xtables # xt_ modules - - /usr/share/shorewall/helpers # Existing file - - /usr/share/shorewall/ipset # ipset modules - - /usr/share/shorewall/modules.tc # Traffic Shaping - - /usr/share/shorewall/modules.extensions # Other extensions + - /usr/share/shorewall[6]/modules.essential # Essential modules + - /usr/share/shorewall[6]/modules.xtables # xt_ modules + - /usr/share/shorewall[6]/helpers # Existing file + - /usr/share/shorewall/ipset # ipset modules + - /usr/share/shorewall[6]/modules.tc # Traffic Shaping + - /usr/share/shorewall[6]/modules.extensions # Other extensions This should make it easier to configure your own - /etc/shorewall/modules file that won't be obsolete when you upgrade - your Shorewall installation. + /etc/shorewall[6]/modules file that won't be obsolete when you + upgrade your Shorewall/Shorewall6 installation. For example, if you don't use traffic shaping or ipsets, you can remove those from your modules file. diff --git a/Shorewall6-lite/install.sh b/Shorewall6-lite/install.sh index cf0d9f4b9..aa7e7cd0a 100755 --- a/Shorewall6-lite/install.sh +++ b/Shorewall6-lite/install.sh @@ -299,6 +299,11 @@ if [ -f modules ]; then echo "Modules file installed as ${DESTDIR}/usr/share/shorewall6-lite/modules" fi +for f in modules.*; do + run_install $OWNERSHIP -m 0644 $f ${DESTDIR}/usr/share/shorewall6-lite/$f + echo "Modules file $f installed as ${DESTDIR}/usr/share/shorewall6-lite/$f" +fi + if [ -d manpages ]; then # # Install the Man Pages 
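Review bot: The loop added to Shorewall6-lite/install.sh opens with `for f in modules.*; do` but is closed with `fi`, which is a shell syntax error; the closing line should be `done`, and the identical loop added to Shorewall6/install.sh needs the same fix. Because the shell reads the script as it runs, the earlier install steps have presumably already executed when the error is hit, leaving a partially installed firewall package. This commit creates the modules.* files only under Shorewall6/, so in Shorewall6-lite the glob may match nothing and the literal `modules.*` would be handed to run_install; adding `[ -f "$f" ] || continue` as the first line of the body and quoting `"$f"` in the run_install arguments covers that case.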
diff --git a/Shorewall6-lite/shorewall6-lite.spec b/Shorewall6-lite/shorewall6-lite.spec index 8ade12004..1a84c8959 100644 --- a/Shorewall6-lite/shorewall6-lite.spec +++ b/Shorewall6-lite/shorewall6-lite.spec @@ -81,7 +81,7 @@ fi %attr(0644,root,root) /usr/share/shorewall6-lite/lib.base %attr(0644,root,root) /usr/share/shorewall6-lite/lib.cli %attr(0644,root,root) /usr/share/shorewall6-lite/lib.common -%attr(0644,root,root) /usr/share/shorewall6-lite/modules +%attr(0644,root,root) /usr/share/shorewall6-lite/modules* %attr(0544,root,root) /usr/share/shorewall6-lite/shorecap %attr(0755,root,root) /usr/share/shorewall6-lite/wait4ifup diff --git a/Shorewall6/install.sh b/Shorewall6/install.sh index a9e57d0fc..ea73f6155 100755 --- a/Shorewall6/install.sh +++ b/Shorewall6/install.sh @@ -395,6 +395,11 @@ fi run_install $OWNERSHIP -m 0644 modules ${DESTDIR}/usr/share/shorewall6/modules echo "Modules file installed as ${DESTDIR}/usr/share/shorewall6/modules" +for f in modules.*; do + run_install $OWNERSHIP -m 0644 $f ${DESTDIR}/usr/share/shorewall6/$f + echo "Modules file $f installed as ${DESTDIR}/usr/share/shorewall6/$f" +fi + # # Install the Module Helpers file # diff --git a/Shorewall6/modules b/Shorewall6/modules index f25f8f971..a71215c7a 100644 --- a/Shorewall6/modules +++ b/Shorewall6/modules 
@@ -16,83 +16,20 @@ # # Essential Modules # -loadmodule nfnetlink -loadmodule x_tables -loadmodule ip6_tables -loadmodule ip6table_filter -loadmodule ip6table_mangle -loadmodule ip6table_raw -loadmodule xt_conntrack -loadmodule nf_conntrack_ipv6 -loadmodule xt_state -loadmodule xt_tcpudp -loadmodule ip6t_REJECT -loadmodule ip6t_LOG +INCLUDE modules.essential # # Other xtables modules # -loadmodule xt_CLASSIFY -loadmodule xt_connmark -loadmodule xt_CONNMARK -loadmodule xt_conntrack -loadmodule xt_dccp -loadmodule xt_dscp -loadmodule xt_DSCP -loadmodule xt_hashlimit -loadmodule xt_helper -loadmodule xt_iprange -loadmodule xt_length -loadmodule xt_limit -loadmodule xt_mac -loadmodule xt_mark -loadmodule xt_MARK -loadmodule xt_multiport -loadmodule xt_NFQUEUE -loadmodule xt_owner -loadmodule xt_physdev -loadmodule xt_pkttype -loadmodule xt_policy -loadmodule xt_sctp -loadmodule xt_tcpmss -loadmodule xt_TCPMSS -loadmodule xt_time -loadmodule xt_IPMARK -loadmodule xt_TPROXY +INCLUDE modules.xtables # # Helpers # -loadmodule nf_conntrack_amanda -loadmodule nf_conntrack_ftp -loadmodule nf_conntrack_h323 -loadmodule nf_conntrack_irc -loadmodule nf_conntrack_netbios_ns -loadmodule nf_conntrack_netbios_ns -loadmodule nf_conntrack_netlink -loadmodule nf_conntrack_pptp -loadmodule nf_conntrack_proto_sctp -loadmodule nf_conntrack_proto_udplite -loadmodule nf_conntrack_sane -loadmodule nf_conntrack_sip -loadmodule nf_conntrack_pptp -loadmodule nf_conntrack_proto_gre -loadmodule nf_conntrack_proto_sctp -loadmodule nf_conntrack_sip -loadmodule nf_conntrack_tftp -loadmodule nf_conntrack_sane +INCLUDE helpers # # Traffic Shaping # -loadmodule sch_sfq -loadmodule sch_ingress -loadmodule sch_htb -loadmodule sch_hfsc -loadmodule sch_prio -loadmodule sch_tbf -loadmodule cls_u32 -loadmodule cls_fw -loadmodule cls_flow -loadmodule act_police +INCLUDE modules.tc # # Extensions # -loadmodule ip6_queue +INCLUDE modules.extensions 
diff --git a/Shorewall6/modules.essential b/Shorewall6/modules.essential
new file mode 100644
index 000000000..1d631000c
--- /dev/null
+++ b/Shorewall6/modules.essential
@@ -0,0 +1,27 @@
+#
+# Shorewall6 version 4 - Essential Modules File
+#
+# /usr/share/shorewall6/modules.essential
+#
+# This file loads the modules that may be needed by the firewall.
+#
+# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
+# dependency order. i.e., if M2 depends on M1 then you must load M1
+# before you load M2.
+#
+# If you need to modify this file, copy it to /etc/shorewall and modify the
+# copy.
+#
+###############################################################################
+loadmodule nfnetlink
+loadmodule x_tables
+loadmodule ip6_tables
+loadmodule ip6table_filter
+loadmodule ip6table_mangle
+loadmodule ip6table_raw
+loadmodule xt_conntrack
+loadmodule nf_conntrack_ipv6
+loadmodule xt_state
+loadmodule xt_tcpudp
+loadmodule ip6t_REJECT
+loadmodule ip6t_LOG
diff --git a/Shorewall6/modules.extensions b/Shorewall6/modules.extensions
new file mode 100644
index 000000000..9c61d94a5
--- /dev/null
+++ b/Shorewall6/modules.extensions
@@ -0,0 +1,16 @@
+#
+# Shorewall6 version 4 - Extensions Modules File
+#
+# /usr/share/shorewall6/modules.extension
+#
+# This file loads the modules that may be needed by the firewall.
+#
+# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
+# dependency order. i.e., if M2 depends on M1 then you must load M1
+# before you load M2.
+#
+# If you need to modify this file, copy it to /etc/shorewall and modify the
+# copy.
+#
+###############################################################################
+loadmodule ip6_queue
diff --git a/Shorewall6/modules.tc b/Shorewall6/modules.tc
new file mode 100644
index 000000000..4e39c53fc
--- /dev/null
+++ b/Shorewall6/modules.tc
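Review bot: The header comment of Shorewall6/modules.extensions names the file as `/usr/share/shorewall6/modules.extension`, without the trailing `s` used by the file name itself and by the `INCLUDE modules.extensions` line in Shorewall6/modules; it should read `# /usr/share/shorewall6/modules.extensions`. The headers of all four new files (modules.essential, modules.extensions, modules.tc, modules.xtables) also tell the administrator to copy the file to `/etc/shorewall`, while the release notes in this commit refer to `/etc/shorewall[6]/modules`; for the IPv6 files the comment presumably should say `/etc/shorewall6`. A wrong path in these instructions can leave a local override in a directory the IPv6 firewall may not read, so the module set actually loaded is not the one the administrator intended.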
@@ -0,0 +1,25 @@
+#
+# Shorewall6 version 4 - Traffic Shaping Modules File
+#
+# /usr/share/shorewall6/modules.tc
+#
+# This file loads the modules that may be needed by the firewall.
+#
+# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
+# dependency order. i.e., if M2 depends on M1 then you must load M1
+# before you load M2.
+#
+# If you need to modify this file, copy it to /etc/shorewall and modify the
+# copy.
+#
+###############################################################################
+loadmodule sch_sfq
+loadmodule sch_ingress
+loadmodule sch_htb
+loadmodule sch_hfsc
+loadmodule sch_prio
+loadmodule sch_tbf
+loadmodule cls_u32
+loadmodule cls_fw
+loadmodule cls_flow
+loadmodule act_police
diff --git a/Shorewall6/modules.xtables b/Shorewall6/modules.xtables
new file mode 100644
index 000000000..21e3fcae1
--- /dev/null
+++ b/Shorewall6/modules.xtables
@@ -0,0 +1,42 @@
+#
+# Shorewall6 version 4 - Xtables Modules File
+#
+# /usr/share/shorewall6/modules.xtables
+#
+# This file loads the modules that may be needed by the firewall.
+#
+# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
+# dependency order. i.e., if M2 depends on M1 then you must load M1
+# before you load M2.
+#
+# If you need to modify this file, copy it to /etc/shorewall and modify the
+# copy.
+#
+###############################################################################
+loadmodule xt_CLASSIFY
+loadmodule xt_connmark
+loadmodule xt_CONNMARK
+loadmodule xt_conntrack
+loadmodule xt_dccp
+loadmodule xt_dscp
+loadmodule xt_DSCP
+loadmodule xt_hashlimit
+loadmodule xt_helper
+loadmodule xt_iprange
+loadmodule xt_length
+loadmodule xt_limit
+loadmodule xt_mac
+loadmodule xt_mark
+loadmodule xt_MARK
+loadmodule xt_multiport
+loadmodule xt_NFQUEUE
+loadmodule xt_owner
+loadmodule xt_physdev
+loadmodule xt_pkttype
+loadmodule xt_policy
+loadmodule xt_sctp
+loadmodule xt_tcpmss
+loadmodule xt_TCPMSS
+loadmodule xt_time
+loadmodule xt_IPMARK
+loadmodule xt_TPROXY
diff --git a/Shorewall6/shorewall6.spec b/Shorewall6/shorewall6.spec
index 6d69dffe9..bacd2138d 100644
--- a/Shorewall6/shorewall6.spec
+++ b/Shorewall6/shorewall6.spec
@@ -85,7 +85,7 @@ fi
 %attr(0644,root,root) /usr/share/shorewall6/lib.cli
 %attr(0644,root,root) /usr/share/shorewall6/lib.common
 %attr(0644,root,root) /usr/share/shorewall6/macro.*
-%attr(0644,root,root) /usr/share/shorewall6/modules
+%attr(0644,root,root) /usr/share/shorewall6/modules*
 %attr(0644,root,root) /usr/share/shorewall6/helpers
 %attr(0644,root,root) /usr/share/shorewall6/configpath
 %attr(0755,root,root) /usr/share/shorewall6/wait4ifup