David, that's what I'm talking about. IMHO there must be all compiled/patched modules for a full support of all features we can get from shorewall. making this distro even more complete. > ----- Original Message ----- > From: David HUSSER > To: Christian Villa Real Lopes > Sent: Monday, December 04, 2006 18:52 > Subject: Re: [leaf-user] netfilter additional modules and shorewall > > > Hi Christian, > > Here, for me, the possibilities that has shorewall on the last leaf : > Darkvabox# shorewall show capabilities > Shorewall has detected the following iptables/netfilter capabilities: > NAT: Available > Packet Mangling: Available > Multi-port Match: Available > Extended Multi-port Match: Not available > Connection Tracking Match: Not available > Packet Type Match: Available > Policy Match: Not available > Physdev Match: Available > Packet length Match: Available > IP range Match: Not available > Recent Match: Available > Owner Match: Available > Ipset Match: Not available > CONNMARK Target: Available > Extended CONNMARK Target: Available > Connmark Match: Available > Extended Connmark Match: Available > Raw Table: Not available > IPP2P Match: Not available > CLASSIFY Target: Available > Extended REJECT: Available > Repeat match: Not available > MARK Target: Available > Extended MARK Target: Not available > Mangle FORWARD Chain: Available > > I also join you the modules (all netfilter modules) which were compiled > (present in the cvs of the leaf if I am not mistaken…) : > Darkvabox# ll /lib/modules/net/ipv4/netfilter/ > drwxr-xr-x 2 root root 900 Nov 25 22:50 . > drwxr-xr-x 4 root root 120 Nov 25 22:50 .. > -rw-r--r-- 1 root root 32174 Nov 13 16:47 ip_conntrack.o > -rw-r--r-- 1 root root 2904 Nov 13 16:47 > ip_conntrack_amanda.o > -rw-r--r-- 1 root root 5168 Nov 13 16:47 ip_conntrack_ftp.o > -rw-r--r-- 1 root root 4188 Nov 13 16:47 > ip_conntrack_h323.o > -rw-r--r-- 1 root root 4480 Nov 13 16:47 ip_conntrack_irc.o > -rw-r--r-- 1 root root 4444 Nov 13 16:47 ip_conntrack_mms.o > -rw-r--r-- 1 root root 5104 Nov 13 16:47 > ip_conntrack_pptp.o > -rw-r--r-- 1 root root 4656 Nov 13 16:47 > ip_conntrack_proto_gre.o > -rw-r--r-- 1 root root 2904 Nov 13 16:47 > ip_conntrack_quake3.o > -rw-r--r-- 1 root root 4932 Nov 13 16:47 > ip_conntrack_talk.o > -rw-r--r-- 1 root root 2552 Nov 13 16:47 > ip_conntrack_tftp.o > -rw-r--r-- 1 root root 2236 Nov 13 16:47 ip_nat_amanda.o > -rw-r--r-- 1 root root 3552 Nov 13 16:47 ip_nat_ftp.o > -rw-r--r-- 1 root root 4244 Nov 13 16:47 ip_nat_h323.o > -rw-r--r-- 1 root root 3072 Nov 13 16:47 ip_nat_irc.o > -rw-r--r-- 1 root root 3972 Nov 13 16:47 ip_nat_mms.o > -rw-r--r-- 1 root root 4104 Nov 13 16:47 ip_nat_pptp.o > -rw-r--r-- 1 root root 2468 Nov 13 16:47 ip_nat_proto_gre.o > -rw-r--r-- 1 root root 2992 Nov 13 16:47 ip_nat_quake3.o > -rw-r--r-- 1 root root 10868 Nov 13 16:47 > ip_nat_snmp_basic.o > -rw-r--r-- 1 root root 4260 Nov 13 16:47 ip_nat_talk.o > -rw-r--r-- 1 root root 2712 Nov 13 16:47 ip_nat_tftp.o > -rw-r--r-- 1 root root 9440 Nov 13 16:47 ip_queue.o > -rw-r--r-- 1 root root 2120 Nov 13 16:47 ipt_CLASSIFY.o > -rw-r--r-- 1 root root 2184 Nov 13 16:47 ipt_CONNMARK.o > -rw-r--r-- 1 root root 3200 Nov 13 16:47 ipt_MASQUERADE.o > -rw-r--r-- 1 root root 2528 Nov 13 16:47 ipt_MIRROR.o > -rw-r--r-- 1 root root 1736 Nov 13 16:47 ipt_REDIRECT.o > -rw-r--r-- 1 root root 3416 Nov 13 16:47 ipt_TARPIT.o > -rw-r--r-- 1 root root 1512 Nov 13 16:47 ipt_ah.o > -rw-r--r-- 1 root root 2876 Nov 13 16:47 ipt_condition.o > -rw-r--r-- 1 root root 1628 Nov 13 16:47 ipt_connmark.o > -rw-r--r-- 1 root root 1880 Nov 13 16:47 ipt_conntrack.o > -rw-r--r-- 1 root root 1516 Nov 13 16:47 ipt_esp.o > -rw-r--r-- 1 root root 1684 Nov 13 16:47 ipt_helper.o > -rw-r--r-- 1 root root 2400 Nov 13 16:47 ipt_owner.o > -rw-r--r-- 1 root root 1868 Nov 13 16:47 ipt_physdev.o > -rw-r--r-- 1 root root 1672 Nov 13 16:47 ipt_quota.o > -rw-r--r-- 1 root root 11620 Nov 13 16:47 ipt_recent.o > -rw-r--r-- 1 root root 1424 Nov 13 16:47 ipt_state.o > -rw-r--r-- 1 root root 1876 Nov 13 16:47 ipt_stealth.o > -rw-r--r-- 1 root root 1780 Nov 13 16:47 ipt_ttl.o > -rw-r--r-- 1 root root 24555 Nov 13 16:47 iptable_nat.o > > Rgds, > David > > > > On 12/4/06, Christian Villa Real Lopes <[EMAIL PROTECTED]> wrote: > > Hi everyone, > > > > I'm still testing the new 3.0beta2 and was wondering if is it possible > > to > > include all netfilter modules that shorewall support. To make myself > > clear > > below is the output from that shows some of shorewall supported features > > can't be used on leaf-bering because the support was not compiled in. > > > > firewall# shorewall show capabilities > > Shorewall has detected the following iptables/netfilter capabilities: > > NAT: Available > > Packet Mangling: Available > > Multi-port Match: Available > > + Extended Multi-port Match: Not available > > + Connection Tracking Match: Not available > > Packet Type Match: Available > > + Policy Match: Not available > > Physdev Match: Available > > + IP range Match: Not available > > Recent Match: Available > > Owner Match: Available > > + Ipset Match: Not available > > CONNMARK Target: Available > > Connmark Match: Available > > + Raw Table: Not available > > + CLASSIFY Target: Not available > > + FORWARD Mangle Chain: Not available > > firewall#
------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV ------------------------------------------------------------------------ leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
