> Here's a patch.

OK, this worked (well, sort of!), but not the way I expected it.
Although all the annoying messages are now gone (thank god!), I still have some of the modules loaded, like nf_conntrack_ftp (and various other nf_conntrack_* kernel modules), as well as nf_nat_ftp etc.

Further investigation revealed that there are hard-coded "loadmodule" statements in the "helpers" file, which I think are responsible for this. If I remove these lines (I commented them out), then everything is clear.

So, is there any way to "synchronise" both things, as the way I see it, one doesn't make sense without the other? In other words, if I have chosen not to have the tftp helper, what is the sense in loading nf_conntrack_tftp, for example?

Also, in that "helpers" file I see quite a few ipset modules (ip_set_iphash, ip_set_ipmap etc.) - these are not helpers and, anyway, they appear to be in "modules.ipset", so I think it is safe to delete them from there.

While I am at it, one further question: am I right in assuming that if an iptables match/target kernel module is needed in a specific rule, then that kernel module is loaded automatically by iptables anyway, so do we need any of the "modules.xtables" or "modules.extensions"?

_______________________________________________
Shorewall-devel mailing list
Shorewall-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-devel