Remove xmodules file

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4540 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall-lite/install.sh

@@ -234,6 +234,8 @@ else
     rm -rf ${PREFIX}/var/lib/shorewall-lite
 fi
 
+delete_file ${PREFIX}/usr/share/shorewall-lite/xmodules
+
 install_file_with_backup shorewall-lite ${PREFIX}/sbin/shorewall-lite 0544 ${PREFIX}/var/lib/shorewall-lite-${VERSION}.bkout
 
 echo "Shorewall Lite control program installed in ${PREFIX}/sbin/shorewall-lite"
@@ -315,14 +317,11 @@ install_file help ${PREFIX}/usr/share/shorewall-lite/help 0544
 echo "Help command executor installed in ${PREFIX}/usr/share/shorewall-lite/help"
 
 #
-# Install the Modules files
+# Install the Modules file
 #
 run_install $OWNERSHIP -m 0600 modules ${PREFIX}/usr/share/shorewall-lite/modules
 echo "Modules file installed as ${PREFIX}/usr/share/shorewall-lite/modules"
 
-run_install $OWNERSHIP -m 0600 xmodules ${PREFIX}/usr/share/shorewall-lite/xmodules
-echo "Xmodules file installed as ${PREFIX}/usr/share/shorewall-lite/xmodules"
-
 #
 # Create the version file
 #

Shorewall/install.sh

@@ -412,14 +412,11 @@ if [ ! -f ${PREFIX}/etc/shorewall/masq ]; then
     echo "Masquerade file installed as ${PREFIX}/etc/shorewall/masq"
 fi
 #
-# Install the Modules files
+# Install the Modules file
 #
 run_install $OWNERSHIP -m 0600 modules ${PREFIX}/usr/share/shorewall/modules
 echo "Modules file installed as ${PREFIX}/usr/share/shorewall/modules"
 
-run_install $OWNERSHIP -m 0600 xmodules ${PREFIX}/usr/share/shorewall/xmodules
-echo "Xmodules file installed as ${PREFIX}/usr/share/shorewall/xmodules"
-
 #
 # Install the TC Rules file
 #
@@ -477,6 +474,10 @@ delete_file ${PREFIX}/usr/share/shorewall/Limit
 #
 delete_file ${PREFIX}/usr/share/shorewall/functions
 #
+# Delete the xmodules file
+#
+delete_file ${PREFIX}/usr/share/shorewall/xmodules
+#
 # Install the Providers file
 #
 run_install $OWNERSHIP -m 0644 providers ${PREFIX}/usr/share/shorewall/configfiles/providers

Shorewall/modules

@@ -1,7 +1,7 @@
 #
 # Shorewall version 3.2 - Modules File
 #
-# /usr/share/shorewall/modules
+# /usr/share/shorewall/xmodules
 #
 #	This file loads the modules needed by the firewall.
 #
@@ -16,11 +16,33 @@
 #
 # Essential Modules
 #
+loadmodule nfnetlink
+loadmodule x_tables
 loadmodule ip_tables
 loadmodule iptable_filter
 loadmodule iptable_mangle
 loadmodule ip_conntrack
 loadmodule iptable_nat
+loadmodule xt_state
+loadmodule xt_tcpudp
+#
+# Other xtables modules
+#
+loadmodule xt_CLASSIFY
+loadmodule xt_connmark
+loadmodule xt_CONNMARK
+loadmodule xt_conntrack
+loadmodule xt_dccp
+loadmodule xt_helper
+loadmodule xt_length
+loadmodule xt_limit
+loadmodule xt_mac
+loadmodule xt_mark
+loadmodule xt_MARK
+loadmodule xt_NFQUEUE
+loadmodule xt_physdev
+loadmodule xt_pkttype
+loadmodule xt_tcpmss
 #
 # Helpers
 #

Shorewall/shorewall

@@ -634,6 +634,7 @@ start_command() {
 	do_it
     fi
 }
+
 #
 # Compile Command Executor
 #
@@ -704,6 +705,7 @@ compile_command() {
 
     exec $SHOREWALL_SHELL ${SHAREDIR}/compiler $debugging compile $file
 }
+
 #
 # Check Command Executor
 #

Shorewall/shorewall.spec

@@ -181,7 +181,6 @@ fi
 %attr(0644,root,root) /usr/share/shorewall/prog.header
 %attr(0644,root,root) /usr/share/shorewall/rfc1918
 %attr(0644,root,root) /usr/share/shorewall/configpath
-%attr(0644,root,root) /usr/share/shorewall/xmodules
 
 %attr(0644,root,root) /usr/share/shorewall/configfiles/shorewall.conf
 %attr(0644,root,root) /usr/share/shorewall/configfiles/zones

Shorewall/xmodules

@@ -1,118 +0,0 @@
-#
-# Shorewall version 3.2 - xtables Modules File
-#
-# /usr/share/shorewall/xmodules
-#
-#	This file loads the modules needed by the firewall on 2.6.16 and later
-#	kernels.
-#
-#	THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in
-#	dependency order. i.e., if M2 depends on M1 then you must load M1
-#	before you load M2.
-#
-# For additional information, see
-# http://shorewall.net/Documentation.htm#modules
-#
-###############################################################################
-#
-# Essential Modules
-#
-loadmodule nfnetlink
-loadmodule x_tables
-loadmodule ip_tables
-loadmodule iptable_filter
-loadmodule iptable_mangle
-loadmodule ip_conntrack
-loadmodule iptable_nat
-loadmodule xt_state
-loadmodule xt_tcpudp
-#
-# Other xtables modules
-#
-loadmodule xt_CLASSIFY
-loadmodule xt_connmark
-loadmodule xt_CONNMARK
-loadmodule xt_conntrack
-loadmodule xt_dccp
-loadmodule xt_helper
-loadmodule xt_length
-loadmodule xt_limit
-loadmodule xt_mac
-loadmodule xt_mark
-loadmodule xt_MARK
-loadmodule xt_NFQUEUE
-loadmodule xt_physdev
-loadmodule xt_pkttype
-loadmodule xt_tcpmss
-#
-# Helpers
-#
-loadmodule ip_conntrack_ftp
-loadmodule ip_conntrack_tftp
-loadmodule ip_conntrack_irc
-loadmodule iptable_nat
-loadmodule ip_nat_ftp
-loadmodule ip_nat_tftp
-loadmodule ip_nat_irc
-loadmodule ip_set
-loadmodule ip_set_iphash
-loadmodule ip_set_ipmap
-loadmodule ip_set_macipmap
-loadmodule ip_set_portmap
-#
-# Traffic Shaping
-#
-loadmodule sch_sfq
-loadmodule sch_ingress
-loadmodule sch_htb
-loadmodule cls_u32
-#
-# Extensions
-#
-loadmodule ipt_addrtype
-loadmodule ipt_ah
-loadmodule ipt_CLASSIFY
-loadmodule ipt_CLUSTERIP
-loadmodule ipt_comment
-loadmodule ipt_connmark
-loadmodule ipt_CONNMARK
-loadmodule ipt_conntrack
-loadmodule ipt_dscp
-loadmodule ipt_DSCP
-loadmodule ipt_ecn
-loadmodule ipt_ECN
-loadmodule ipt_esp
-loadmodule ipt_hashlimit
-loadmodule ipt_helper
-loadmodule ipt_ipp2p
-loadmodule ipt_iprange
-loadmodule ipt_length
-loadmodule ipt_limit
-loadmodule ipt_LOG
-loadmodule ipt_mac
-loadmodule ipt_mark
-loadmodule ipt_MARK
-loadmodule ipt_MASQUERADE
-loadmodule ipt_multiport
-loadmodule ipt_NETMAP
-loadmodule ipt_NOTRACK
-loadmodule ipt_owner
-loadmodule ipt_physdev
-loadmodule ipt_pkttype
-loadmodule ipt_policy
-loadmodule ipt_realm
-loadmodule ipt_recent
-loadmodule ipt_REDIRECT
-loadmodule ipt_REJECT
-loadmodule ipt_SAME
-loadmodule ipt_sctp
-loadmodule ipt_set
-loadmodule ipt_state
-loadmodule ipt_tcpmss
-loadmodule ipt_TCPMSS
-loadmodule ipt_tos
-loadmodule ipt_TOS
-loadmodule ipt_ttl
-loadmodule ipt_TTL
-loadmodule ipt_ULOG
-#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

docs/Documentation.xml

@@ -3375,10 +3375,13 @@ $FW      chld               ACCEPT</programlisting>
         <term>MODULESDIR</term>
 
         <listitem>
-          <para>This parameter specifies the directory where your kernel
-          netfilter modules may be found. If you leave the variable empty,
-          Shorewall will supply the value "/lib/modules/`uname
-          -r`/kernel/net/ipv4/netfilter.</para>
+          <para>This parameter specifies the directory/directories where your
+          kernel netfilter modules may be found. If you leave the variable
+          empty, Shorewall will supply the value "/lib/modules/`uname
+          -r`/kernel/net/ipv4/netfilter" in versions of Shorewall prior to
+          3.2.4 and "/lib/modules/`uname
+          -r`/kernel/net/ipv4/netfilter:/lib/modules/`uname
+          -r`/kernel/net/ipv4/netfilter" in later versions.</para>
         </listitem>
       </varlistentry>
 
@@ -3627,6 +3630,16 @@ LOGBURST=5</programlisting>
     provided that it exists and that the directory specified by the MODULESDIR
     parameter exists (see <xref linkend="Conf" /> above).</para>
 
+    <important>
+      <para>This file was moved to <filename
+      class="directory">/usr/share/shorewall</filename> in Shorewall version
+      3.2.0.</para>
+
+      <para>If you have an earlier kernel but need to modify the modules file,
+      then copy <filename>/usr/share/shorewall/modules</filename> to
+      <filename>/etc/shorewall/modules</filename> and modify the copy.</para>
+    </important>
+
     <para>The file that is released with Shorewall calls the Shorewall
     function <quote>loadmodule</quote> for the set of modules that I
     load.</para>

docs/Introduction.xml

@@ -222,14 +222,15 @@ dmz        eth2          detect</programlisting>
     file. If no rule in that file matches the connection request then the
     first policy in <filename
     class="directory">/etc/shorewall/</filename><filename>policy</filename>
-    that matches the request is applied. If there is a common action defined
+    that matches the request is applied. If there is a default action defined
     for the policy in /etc/shorewall/actions (or
     <filename>/usr/share/shorewall/actions.std</filename>) then that action is
-    invoked before the policy is enforces. In the standard Shorewall
-    distribution, the DROP policy has a common action called <emphasis
-    role="bold">Drop</emphasis> and the REJECT policy has a common action
-    called <emphasis role="bold">Reject</emphasis>. Common actions are used
-    primarily to discard</para>
+    invoked before the policy is enforced. In the standard Shorewall
+    distribution, the DROP policy has a default action called <emphasis
+    role="bold">Drop</emphasis> and the REJECT policy has a default action
+    called <emphasis role="bold">Reject</emphasis>. Default actions are used
+    primarily to discard packets silently so that they don't clutter up your
+    log.</para>
 
     <para>The <filename
     class="directory">/etc/shorewall/</filename><filename>policy</filename>

docs/shorewall_quickstart_guide.xml

@@ -48,7 +48,7 @@
 
     <para>Please read the short article <ulink
     url="Introduction.html">Introduction to Shorewall</ulink> to familiarize
-    yourself with basic Shorewall features.</para>
+    yourself with basic Shorewall concepts.</para>
   </section>
 
   <section id="Guides">