Tom Eastep wrote: > > The answer is 'No'. > ... > > I chose not to. >
I sense some offence being taken there. I wasn't criticizing Shorewall, or you, (or anyone else for that matter). Most of us are just users of your software who haven't much time to monitor what's going on behind the scenes. I look to this ML for early warnings of glitches as much as for solutions to problems and I suspect others do too. Hopefully, this thread will serve as an early warning to others. > Linus roundly chastised the Netfilter team for renaming kernel > configuration options and module names the way that they did but the > Netfilter team apparently isn't changing anything. So expect more pain > in the future and use a modules file when needed. > Comparing the netfilter modules in 2.6.20-1.2925.fc6 with those in 2.6.19-1.2911.6.5.fc6 shows many modules have had their names changed - I'm assuming it's only a name change and that the functionality has been maintained. The following modules don't exist 2.6.20-1.2925.fc6 ip_conntrack_amanda.ko ip_conntrack_ftp.ko ip_conntrack_h323.ko ip_conntrack_irc.ko ip_conntrack.ko ip_conntrack_netbios_ns.ko ip_conntrack_netlink.ko ip_conntrack_pptp.ko ip_conntrack_proto_sctp.ko ip_conntrack_sip.ko ip_conntrack_tftp.ko ip_nat_amanda.ko ip_nat_ftp.ko ip_nat_h323.ko ip_nat_irc.ko ip_nat.ko ip_nat_pptp.ko ip_nat_sip.ko ip_nat_snmp_basic.ko ip_nat_tftp.ko ipt_hashlimit.ko Instead, there are: nf_conntrack_ipv4.ko nf_nat_amanda.ko nf_nat_ftp.ko nf_nat_h323.ko nf_nat_irc.ko nf_nat.ko nf_nat_pptp.ko nf_nat_proto_gre.ko nf_nat_sip.ko nf_nat_snmp_basic.ko nf_nat_tftp.ko nf_conntrack_amanda.ko nf_conntrack_ftp.ko nf_conntrack_h323.ko nf_conntrack_irc.ko nf_conntrack.ko nf_conntrack_netbios_ns.ko nf_conntrack_netlink.ko nf_conntrack_pptp.ko nf_conntrack_proto_gre.ko nf_conntrack_proto_sctp.ko nf_conntrack_sip.ko nf_conntrack_tftp.ko xt_hashlimit.ko xt_NFLOG.ko I suppose as a first approximation one could just add the nf_/xt_ modules to the modules file. Is that likely screw anything up? (Tom?) Another problem with 2.6.20-1.2925.fc6 is that there is no /proc/net/ip_conntrack but I assume that file is provided by nf_conntrack.ko The conclusion is don't update past 2.6.19-1.2911.6.5.fc6, or be prepared for messing around with module loading. ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
