Author: baggins Date: Mon Sep 19 15:26:30 2005 GMT Module: firewall-init Tag: HEAD ---- Log message: - code to load only specified conntrack/nat modules
---- Files affected:
firewall-init/firewall.d: functions (1.8 -> 1.9)
---- Diffs:
================================================================
Index: firewall-init/firewall.d/functions
diff -u firewall-init/firewall.d/functions:1.8 firewall-init/firewall.d/functions:1.9
--- firewall-init/firewall.d/functions:1.8 Mon Oct 18 16:00:39 2004
+++ firewall-init/firewall.d/functions Mon Sep 19 17:26:25 2005
@@ -3,32 +3,37 @@ typeset i conn _modprobe die -k -a ip_tables - - conn="" - for i in /lib/modules/`uname -r`/kernel/net/ipv4/netfilter/ip_conntrack_*.{k,}o ; do - [ -f "$i" ] && conn="$conn `echo $i | awk '!/ftp|irc|egg/ { gsub(/.*\//,"") ; gsub(/\.[k]o$/,"") ; print $1 }'`" - done _modprobe die -k -a ip_conntrack \ `[ -z "$CONNTRACK_HASHSIZE" ] || echo "hashsize=$CONNTRACK_HASHSIZE"` - _modprobe die -k -a ip_conntrack_ftp \ - `[ -z "$FTP_PORTS" ] || echo "ports=$FTP_PORTS"` \ - `[ -z "$FTP_FXP" ] || echo "fxp=1"` - _modprobe die -k -a ip_conntrack_irc \ - `[ -z "$FTP_PORTS" ] || echo "ports=$IRC_PORTS"` - _modprobe die -k -a ip_conntrack_egg \ - `[ -z "$FTP_PORTS" ] || echo "ports=$EGGDROP_PORTS"` - _modprobe die -k -a $conn + + if [ "$CONNTRACK_MODULES" = "all" -o -z "$CONNTRACK_MODULES" ] ; then + conn="" + for i in /lib/modules/`uname -r`/kernel/net/ipv4/netfilter/ip_conntrack_*.{k,}o ; do + [ -f "$i" ] && conn="$conn `echo $i | awk '!/ftp|irc|egg/ { gsub(/.*\//,"") ; gsub(/\.[k]o$/,"") ; print $1 }'`" + done + _modprobe die -k -a $conn + elif [ "$CONNTRACK_MODULES" != "none" ] ; then + conn="" + for i in "$CONNTRACK_MODULES" ; do + conn="$conn ip_conntrack_$i" + done + _modprobe die -k -a $conn + fi if echo "$ipv4_TABLES" | awk '!/nat/ {exit 1}' ; then + if [ "$NAT_MODULES" = "all" -o -z "$NAT_MODULES" ] ; then conn="" for i in /lib/modules/`uname -r`/kernel/net/ipv4/netfilter/ip_nat_*.{k,}o ; do [ -f "$i" ] && conn="$conn `echo $i | awk '!/ftp|irc/ { gsub(/.*\//,"") ; gsub(/\.[k]o$/,"") ; print $1 }'`" done - _modprobe die -k -a ip_nat_ftp \ - `[ -z "$FTP_PORTS" ] || echo "ports=$FTP_PORTS"` - _modprobe die -k -a ip_nat_irc \ - `[ -z "$FTP_PORTS" ] || echo "ports=$IRC_PORTS"` _modprobe die -k -a $conn + elif [ "$NAT_MODULES" != "none" ] ; then + conn="" + for i in "$NAT_MODULES" ; do + conn="$conn ip_nat_$i" + done + _modprobe die -k -a $conn + fi fi } ================================================================ ---- CVS-web: 
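Review bot: The quoted list in `for i in "$CONNTRACK_MODULES" ; do` runs the loop body once with the whole value, so a setting such as `ftp irc` (constructed example) yields `ip_conntrack_ftp irc` and only the first name gets the prefix; the `for i in "$NAT_MODULES" ; do` loop has the same form. Iterating unquoted, `for i in $CONNTRACK_MODULES ; do` and `for i in $NAT_MODULES ; do`, gives every listed helper its prefix. Separately, the `all`/empty branches keep the awk filters `!/ftp|irc|egg/` and `!/ftp|irc/` while the explicit `ip_conntrack_ftp`/`_irc`/`_egg` and `ip_nat_ftp`/`_irc` loads are removed, so in that mode those helpers appear never to be loaded. `FTP_PORTS`, `FTP_FXP`, `IRC_PORTS` and `EGGDROP_PORTS` are also no longer passed to `_modprobe` in any mode, so a firewall relying on non-default helper ports would seemingly stop tracking those connections without any error. If narrowing the set of loaded helpers is the intent, a comment saying so (and that an unset variable still means `all`) would help; the function's opening is outside the hunk.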
http://cvs.pld-linux.org/firewall-init/firewall.d/functions?r1=1.8&r2=1.9&f=u _______________________________________________ pld-cvs-commit mailing list pld-cvs-commit@lists.pld-linux.org http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit