firewall-init: firewall.d/functions - code to load only specified ...

Mon, 19 Sep 2005 08:27:13 -0700 

Author: baggins                      Date: Mon Sep 19 15:26:30 2005 GMT
Module: firewall-init                 Tag: HEAD
---- Log message:
- code to load only specified conntrack/nat modules

---- Files affected:
firewall-init/firewall.d:
   functions (1.8 -> 1.9) 

---- Diffs:

================================================================
Index: firewall-init/firewall.d/functions
diff -u firewall-init/firewall.d/functions:1.8 
firewall-init/firewall.d/functions:1.9
--- firewall-init/firewall.d/functions:1.8      Mon Oct 18 16:00:39 2004
+++ firewall-init/firewall.d/functions  Mon Sep 19 17:26:25 2005
@@ -3,32 +3,37 @@
        typeset i conn
 
        _modprobe die -k -a ip_tables
-
-       conn=""
-       for i in /lib/modules/`uname 
-r`/kernel/net/ipv4/netfilter/ip_conntrack_*.{k,}o ; do
-               [ -f "$i" ] && conn="$conn `echo $i | awk '!/ftp|irc|egg/ { 
gsub(/.*\//,"") ; gsub(/\.[k]o$/,"") ; print $1 }'`"
-       done
        _modprobe die -k -a ip_conntrack \
                `[ -z "$CONNTRACK_HASHSIZE" ] || echo 
"hashsize=$CONNTRACK_HASHSIZE"`
-       _modprobe die -k -a ip_conntrack_ftp \
-                               `[ -z "$FTP_PORTS" ] || echo 
"ports=$FTP_PORTS"` \
-                               `[ -z "$FTP_FXP" ] || echo "fxp=1"`
-       _modprobe die -k -a ip_conntrack_irc \
-                               `[ -z "$FTP_PORTS" ] || echo "ports=$IRC_PORTS"`
-       _modprobe die -k -a ip_conntrack_egg \
-                               `[ -z "$FTP_PORTS" ] || echo 
"ports=$EGGDROP_PORTS"`
-       _modprobe die -k -a $conn
+
+       if [ "$CONNTRACK_MODULES" = "all" -o -z "$CONNTRACK_MODULES" ] ; then
+           conn=""
+           for i in /lib/modules/`uname 
-r`/kernel/net/ipv4/netfilter/ip_conntrack_*.{k,}o ; do
+                   [ -f "$i" ] && conn="$conn `echo $i | awk '!/ftp|irc|egg/ { 
gsub(/.*\//,"") ; gsub(/\.[k]o$/,"") ; print $1 }'`"
+           done
+           _modprobe die -k -a $conn
+       elif [ "$CONNTRACK_MODULES" != "none" ] ; then
+           conn=""
+           for i in "$CONNTRACK_MODULES" ; do
+                   conn="$conn ip_conntrack_$i"
+           done
+           _modprobe die -k -a $conn
+       fi
 
        if echo "$ipv4_TABLES" | awk '!/nat/ {exit 1}' ; then
+           if [ "$NAT_MODULES" = "all" -o -z "$NAT_MODULES" ] ; then
                conn=""
                for i in /lib/modules/`uname 
-r`/kernel/net/ipv4/netfilter/ip_nat_*.{k,}o ; do
                        [ -f "$i" ] && conn="$conn `echo $i | awk '!/ftp|irc/ { 
gsub(/.*\//,"") ; gsub(/\.[k]o$/,"") ; print $1 }'`"
                done
-               _modprobe die -k -a ip_nat_ftp \
-                               `[ -z "$FTP_PORTS" ] || echo "ports=$FTP_PORTS"`
-               _modprobe die -k -a ip_nat_irc \
-                               `[ -z "$FTP_PORTS" ] || echo "ports=$IRC_PORTS"`
                _modprobe die -k -a $conn
+           elif [ "$NAT_MODULES" != "none" ] ; then
+               conn=""
+               for i in "$NAT_MODULES" ; do
+                           conn="$conn ip_nat_$i"
+               done
+               _modprobe die -k -a $conn
+           fi
        fi
 }
 
================================================================

---- CVS-web:
    
http://cvs.pld-linux.org/firewall-init/firewall.d/functions?r1=1.8&r2=1.9&f=u

_______________________________________________
pld-cvs-commit mailing list
pld-cvs-commit@lists.pld-linux.org
http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit

Reply via email to