On 11/26/2014 5:32 AM, Artur Uszyński wrote: > Hello. > > Shorewall 4.6.4.1 > kernel 3.10.0 > In shorewall.conf I have "DONT_LOAD=nf_conntrack_sip,nf_nat_sip" > In shorewall.conf I have "AUTOHELPERS=No", HELPERS is empty. > SIP section in /etc/shorewall/conntrack is commented out (checked - no sip > entries in raw table after shorewall start). > "ports=0" is specified in /etc/shorewall/helpers for appropriate *sip lines > (or alternatively all *sip lines commented out). > There are not any rules specifying port 5060 in /etc/shorewall/rules. > > Despite doing the above steps, nf_conntrack_sip is being loaded during every > restart of shorewall (although nf_nat_sip obeys my disposition and never gets > loaded). > > Also, after doing "shorewall compile OUTPUT ." inside /etc/shorewall, > nf_conntrack_sip module gets automatically loaded (yes, after dry copilation > of rules), although resulting OUTPUT file does not contain anything which > would load this module. > > nf_conntrack_sip is always at the top of lsmod output, no other modules use > it. > > I ended up adding "rmmod nf_conntrack_sip" to /ec/shorewall/started. > > The same happens for shorewall6. > > Is there any way to properly skip loading of this module ?
My apologies for the slow response - I've been traveling in New Zealand for the last three weeks. You must also specify DONT_LOAD=nf_conntrack_sip in /etc/shorewall6/shorewall6.conf and comment out the sip lines in /etc/shorewall6/conntrack. If you do that, you should be able to restart either shorewall or shorewall6 without the SIP helper being loaded. I have verified that in my own configuration. There, I have AUTOHELPERS=Yes in both .conf files. Regards, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
