Remove xmodules file

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4540 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2006-09-07 20:48:40 +00:00
parent d9b8bbb526
commit 96c9f0fedf
9 changed files with 58 additions and 139 deletions

View File

@ -234,6 +234,8 @@ else
rm -rf ${PREFIX}/var/lib/shorewall-lite rm -rf ${PREFIX}/var/lib/shorewall-lite
fi fi
delete_file ${PREFIX}/usr/share/shorewall-lite/xmodules
install_file_with_backup shorewall-lite ${PREFIX}/sbin/shorewall-lite 0544 ${PREFIX}/var/lib/shorewall-lite-${VERSION}.bkout install_file_with_backup shorewall-lite ${PREFIX}/sbin/shorewall-lite 0544 ${PREFIX}/var/lib/shorewall-lite-${VERSION}.bkout
echo "Shorewall Lite control program installed in ${PREFIX}/sbin/shorewall-lite" echo "Shorewall Lite control program installed in ${PREFIX}/sbin/shorewall-lite"
@ -315,14 +317,11 @@ install_file help ${PREFIX}/usr/share/shorewall-lite/help 0544
echo "Help command executor installed in ${PREFIX}/usr/share/shorewall-lite/help" echo "Help command executor installed in ${PREFIX}/usr/share/shorewall-lite/help"
# #
# Install the Modules files # Install the Modules file
# #
run_install $OWNERSHIP -m 0600 modules ${PREFIX}/usr/share/shorewall-lite/modules run_install $OWNERSHIP -m 0600 modules ${PREFIX}/usr/share/shorewall-lite/modules
echo "Modules file installed as ${PREFIX}/usr/share/shorewall-lite/modules" echo "Modules file installed as ${PREFIX}/usr/share/shorewall-lite/modules"
run_install $OWNERSHIP -m 0600 xmodules ${PREFIX}/usr/share/shorewall-lite/xmodules
echo "Xmodules file installed as ${PREFIX}/usr/share/shorewall-lite/xmodules"
# #
# Create the version file # Create the version file
# #

View File

@ -412,14 +412,11 @@ if [ ! -f ${PREFIX}/etc/shorewall/masq ]; then
echo "Masquerade file installed as ${PREFIX}/etc/shorewall/masq" echo "Masquerade file installed as ${PREFIX}/etc/shorewall/masq"
fi fi
# #
# Install the Modules files # Install the Modules file
# #
run_install $OWNERSHIP -m 0600 modules ${PREFIX}/usr/share/shorewall/modules run_install $OWNERSHIP -m 0600 modules ${PREFIX}/usr/share/shorewall/modules
echo "Modules file installed as ${PREFIX}/usr/share/shorewall/modules" echo "Modules file installed as ${PREFIX}/usr/share/shorewall/modules"
run_install $OWNERSHIP -m 0600 xmodules ${PREFIX}/usr/share/shorewall/xmodules
echo "Xmodules file installed as ${PREFIX}/usr/share/shorewall/xmodules"
# #
# Install the TC Rules file # Install the TC Rules file
# #
@ -477,6 +474,10 @@ delete_file ${PREFIX}/usr/share/shorewall/Limit
# #
delete_file ${PREFIX}/usr/share/shorewall/functions delete_file ${PREFIX}/usr/share/shorewall/functions
# #
# Delete the xmodules file
#
delete_file ${PREFIX}/usr/share/shorewall/xmodules
#
# Install the Providers file # Install the Providers file
# #
run_install $OWNERSHIP -m 0644 providers ${PREFIX}/usr/share/shorewall/configfiles/providers run_install $OWNERSHIP -m 0644 providers ${PREFIX}/usr/share/shorewall/configfiles/providers

View File

@ -1,7 +1,7 @@
# #
# Shorewall version 3.2 - Modules File # Shorewall version 3.2 - Modules File
# #
# /usr/share/shorewall/modules # /usr/share/shorewall/xmodules
# #
# This file loads the modules needed by the firewall. # This file loads the modules needed by the firewall.
# #
@ -16,11 +16,33 @@
# #
# Essential Modules # Essential Modules
# #
loadmodule nfnetlink
loadmodule x_tables
loadmodule ip_tables loadmodule ip_tables
loadmodule iptable_filter loadmodule iptable_filter
loadmodule iptable_mangle loadmodule iptable_mangle
loadmodule ip_conntrack loadmodule ip_conntrack
loadmodule iptable_nat loadmodule iptable_nat
loadmodule xt_state
loadmodule xt_tcpudp
#
# Other xtables modules
#
loadmodule xt_CLASSIFY
loadmodule xt_connmark
loadmodule xt_CONNMARK
loadmodule xt_conntrack
loadmodule xt_dccp
loadmodule xt_helper
loadmodule xt_length
loadmodule xt_limit
loadmodule xt_mac
loadmodule xt_mark
loadmodule xt_MARK
loadmodule xt_NFQUEUE
loadmodule xt_physdev
loadmodule xt_pkttype
loadmodule xt_tcpmss
# #
# Helpers # Helpers
# #

View File

@ -634,6 +634,7 @@ start_command() {
do_it do_it
fi fi
} }
# #
# Compile Command Executor # Compile Command Executor
# #
@ -704,6 +705,7 @@ compile_command() {
exec $SHOREWALL_SHELL ${SHAREDIR}/compiler $debugging compile $file exec $SHOREWALL_SHELL ${SHAREDIR}/compiler $debugging compile $file
} }
# #
# Check Command Executor # Check Command Executor
# #

View File

@ -181,7 +181,6 @@ fi
%attr(0644,root,root) /usr/share/shorewall/prog.header %attr(0644,root,root) /usr/share/shorewall/prog.header
%attr(0644,root,root) /usr/share/shorewall/rfc1918 %attr(0644,root,root) /usr/share/shorewall/rfc1918
%attr(0644,root,root) /usr/share/shorewall/configpath %attr(0644,root,root) /usr/share/shorewall/configpath
%attr(0644,root,root) /usr/share/shorewall/xmodules
%attr(0644,root,root) /usr/share/shorewall/configfiles/shorewall.conf %attr(0644,root,root) /usr/share/shorewall/configfiles/shorewall.conf
%attr(0644,root,root) /usr/share/shorewall/configfiles/zones %attr(0644,root,root) /usr/share/shorewall/configfiles/zones

View File

@ -1,118 +0,0 @@
#
# Shorewall version 3.2 - xtables Modules File
#
# /usr/share/shorewall/xmodules
#
# This file loads the modules needed by the firewall on 2.6.16 and later
# kernels.
#
# THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
# dependency order. i.e., if M2 depends on M1 then you must load M1
# before you load M2.
#
# For additional information, see
# http://shorewall.net/Documentation.htm#modules
#
###############################################################################
#
# Essential Modules
#
loadmodule nfnetlink
loadmodule x_tables
loadmodule ip_tables
loadmodule iptable_filter
loadmodule iptable_mangle
loadmodule ip_conntrack
loadmodule iptable_nat
loadmodule xt_state
loadmodule xt_tcpudp
#
# Other xtables modules
#
loadmodule xt_CLASSIFY
loadmodule xt_connmark
loadmodule xt_CONNMARK
loadmodule xt_conntrack
loadmodule xt_dccp
loadmodule xt_helper
loadmodule xt_length
loadmodule xt_limit
loadmodule xt_mac
loadmodule xt_mark
loadmodule xt_MARK
loadmodule xt_NFQUEUE
loadmodule xt_physdev
loadmodule xt_pkttype
loadmodule xt_tcpmss
#
# Helpers
#
loadmodule ip_conntrack_ftp
loadmodule ip_conntrack_tftp
loadmodule ip_conntrack_irc
loadmodule iptable_nat
loadmodule ip_nat_ftp
loadmodule ip_nat_tftp
loadmodule ip_nat_irc
loadmodule ip_set
loadmodule ip_set_iphash
loadmodule ip_set_ipmap
loadmodule ip_set_macipmap
loadmodule ip_set_portmap
#
# Traffic Shaping
#
loadmodule sch_sfq
loadmodule sch_ingress
loadmodule sch_htb
loadmodule cls_u32
#
# Extensions
#
loadmodule ipt_addrtype
loadmodule ipt_ah
loadmodule ipt_CLASSIFY
loadmodule ipt_CLUSTERIP
loadmodule ipt_comment
loadmodule ipt_connmark
loadmodule ipt_CONNMARK
loadmodule ipt_conntrack
loadmodule ipt_dscp
loadmodule ipt_DSCP
loadmodule ipt_ecn
loadmodule ipt_ECN
loadmodule ipt_esp
loadmodule ipt_hashlimit
loadmodule ipt_helper
loadmodule ipt_ipp2p
loadmodule ipt_iprange
loadmodule ipt_length
loadmodule ipt_limit
loadmodule ipt_LOG
loadmodule ipt_mac
loadmodule ipt_mark
loadmodule ipt_MARK
loadmodule ipt_MASQUERADE
loadmodule ipt_multiport
loadmodule ipt_NETMAP
loadmodule ipt_NOTRACK
loadmodule ipt_owner
loadmodule ipt_physdev
loadmodule ipt_pkttype
loadmodule ipt_policy
loadmodule ipt_realm
loadmodule ipt_recent
loadmodule ipt_REDIRECT
loadmodule ipt_REJECT
loadmodule ipt_SAME
loadmodule ipt_sctp
loadmodule ipt_set
loadmodule ipt_state
loadmodule ipt_tcpmss
loadmodule ipt_TCPMSS
loadmodule ipt_tos
loadmodule ipt_TOS
loadmodule ipt_ttl
loadmodule ipt_TTL
loadmodule ipt_ULOG
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

View File

@ -3375,10 +3375,13 @@ $FW chld ACCEPT</programlisting>
<term>MODULESDIR</term> <term>MODULESDIR</term>
<listitem> <listitem>
<para>This parameter specifies the directory where your kernel <para>This parameter specifies the directory/directories where your
netfilter modules may be found. If you leave the variable empty, kernel netfilter modules may be found. If you leave the variable
Shorewall will supply the value "/lib/modules/`uname empty, Shorewall will supply the value "/lib/modules/`uname
-r`/kernel/net/ipv4/netfilter.</para> -r`/kernel/net/ipv4/netfilter" in versions of Shorewall prior to
3.2.4 and "/lib/modules/`uname
-r`/kernel/net/ipv4/netfilter:/lib/modules/`uname
-r`/kernel/net/ipv4/netfilter" in later versions.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -3627,6 +3630,16 @@ LOGBURST=5</programlisting>
provided that it exists and that the directory specified by the MODULESDIR provided that it exists and that the directory specified by the MODULESDIR
parameter exists (see <xref linkend="Conf" /> above).</para> parameter exists (see <xref linkend="Conf" /> above).</para>
<important>
<para>This file was moved to <filename
class="directory">/usr/share/shorewall</filename> in Shorewall version
3.2.0.</para>
<para>If you have an earlier kernel but need to modify the modules file,
then copy <filename>/usr/share/shorewall/modules</filename> to
<filename>/etc/shorewall/modules</filename> and modify the copy.</para>
</important>
<para>The file that is released with Shorewall calls the Shorewall <para>The file that is released with Shorewall calls the Shorewall
function <quote>loadmodule</quote> for the set of modules that I function <quote>loadmodule</quote> for the set of modules that I
load.</para> load.</para>

View File

@ -222,14 +222,15 @@ dmz eth2 detect</programlisting>
file. If no rule in that file matches the connection request then the file. If no rule in that file matches the connection request then the
first policy in <filename first policy in <filename
class="directory">/etc/shorewall/</filename><filename>policy</filename> class="directory">/etc/shorewall/</filename><filename>policy</filename>
that matches the request is applied. If there is a common action defined that matches the request is applied. If there is a default action defined
for the policy in /etc/shorewall/actions (or for the policy in /etc/shorewall/actions (or
<filename>/usr/share/shorewall/actions.std</filename>) then that action is <filename>/usr/share/shorewall/actions.std</filename>) then that action is
invoked before the policy is enforces. In the standard Shorewall invoked before the policy is enforced. In the standard Shorewall
distribution, the DROP policy has a common action called <emphasis distribution, the DROP policy has a default action called <emphasis
role="bold">Drop</emphasis> and the REJECT policy has a common action role="bold">Drop</emphasis> and the REJECT policy has a default action
called <emphasis role="bold">Reject</emphasis>. Common actions are used called <emphasis role="bold">Reject</emphasis>. Default actions are used
primarily to discard</para> primarily to discard packets silently so that they don't clutter up your
log.</para>
<para>The <filename <para>The <filename
class="directory">/etc/shorewall/</filename><filename>policy</filename> class="directory">/etc/shorewall/</filename><filename>policy</filename>

View File

@ -48,7 +48,7 @@
<para>Please read the short article <ulink <para>Please read the short article <ulink
url="Introduction.html">Introduction to Shorewall</ulink> to familiarize url="Introduction.html">Introduction to Shorewall</ulink> to familiarize
yourself with basic Shorewall features.</para> yourself with basic Shorewall concepts.</para>
</section> </section>
<section id="Guides"> <section id="Guides">