On 02/18/2013 08:17 AM, Tom Eastep wrote:
> On 02/17/2013 06:09 PM, Grant wrote:
>>>> I'm a little puzzled by all of this because shorewall seems to work
>>>> fine and at least some of the errors reference stuff I know I'm not
>>>> using.
>>>
>>> Those are harmless -- they are produced when Shorewall is probing your
>>> system to determine its capabilities. You can eliminate them (and speed up
>>> start/restart) by using a capabilities file.
>>>
>>> Shorewall show -f capabilities > /etc/shorewall/capabilities.
>>>
>>> Now, the compiler will simply read the capabilities file rather than probe.
>>
>> Thank you, that's perfect. Is there a good way to determine which
>> kernel options I need for my shorewall config? I'm sure I have a lot
>> of stuff compiled in that I don't need.
>
> If you use a modular kernel and a capabilities file, then simply re-boot
> and see which modules are loaded.

The above also assumes, of course, that you use module auto-loading.
In Shorewall 4.5.14, the compiler will produce a report as follows:
Configuration uses these capabilities ('*' denotes required):
ACCOUNT_TARGET*
ADDRTYPE
AMANDA_HELPER
COMMENTS
CONNMARK*
CONNMARK_MATCH*
CONNTRACK_MATCH
ENHANCED_REJECT
EXMARK
FTP_HELPER
FWMARK_RT_MASK
GEOIP_MATCH*
GOTO_TARGET
H323_HELPER
HASHLIMIT_MATCH*
IRC_HELPER
LOG_OPTIONS
LOG_TARGET*
MANGLE_ENABLED
MANGLE_FORWARD
MARK*
MULTIPORT
NAT_ENABLED*
NEW_CONNTRACK_MATCH
NFLOG_TARGET*
OWNER_MATCH*
POLICY_MATCH
PPTP_HELPER
RAW_TABLE*
RECENT_MATCH*
SANE_HELPER
SIP_HELPER
SNMP_HELPER
STATISTIC_MATCH*
TCPMSS_MATCH
TFTP_HELPER
XCONNMARK*
XMULTIPORT*
Shorewall configuration verified
There is a close correlation between these capabilities and kernel
options, but that correlation is kernel-version dependent.
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
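
An added example, not part of the original message and not Shorewall's own code: after trimming kernel options and regenerating the capabilities file, this Python sketch checks the report format quoted above against that file and lists the capabilities the configuration uses that are no longer available. The `NAME=Yes` / `NAME=` layout of the capabilities file is an assumption, and both sample inputs are constructed.

```python
import re

# Constructed sample: an excerpt in the report format quoted in the message.
SAMPLE_REPORT = """\
Configuration uses these capabilities ('*' denotes required):
ACCOUNT_TARGET*
ADDRTYPE
GEOIP_MATCH*
NAT_ENABLED*
Shorewall configuration verified
"""

# Constructed sample: capabilities file, assumed layout NAME=Yes or NAME= (absent).
SAMPLE_CAPS = """\
# constructed capabilities file
NAT_ENABLED=Yes
ADDRTYPE=
GEOIP_MATCH=
"""

def parse_report(text):
    """Return (required, optional) capability sets from the compiler report."""
    required, optional, in_list = set(), set(), False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Configuration uses these capabilities"):
            in_list = True
        elif in_list and line:
            m = re.fullmatch(r"([A-Z0-9_]+)(\*?)", line)
            if not m:  # first non-capability line ends the list
                break
            (required if m.group(2) else optional).add(m.group(1))
    return required, optional

def parse_capabilities(text):
    """Return the capabilities whose value is non-empty (i.e. available)."""
    avail = set()
    for line in text.splitlines():
        name, sep, value = line.split("#", 1)[0].partition("=")
        if sep and value.strip():
            avail.add(name.strip())
    return avail

def audit(report, caps):
    # Capabilities the configuration uses but the capabilities file lacks.
    (required, optional), avail = parse_report(report), parse_capabilities(caps)
    return sorted(required - avail), sorted(optional - avail)

if __name__ == "__main__":
    missing_required, missing_optional = audit(SAMPLE_REPORT, SAMPLE_CAPS)
    print("required but unavailable:", missing_required, "| optional:", missing_optional)
```
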
