Re: [Shorewall-devel] Shorewall kernel modules.

Fri, 27 Nov 2015 09:28:43 -0800 

On 11/27/2015 12:41 AM, Slava Bendersky wrote:
> Hello Everyone,
> I am writing here based on discovered issue with shorewall fedora 22
> server where impossible load kernel modules. We did some troubleshooting
> with bleve and trace shows that shorewall checking wrong directory to
> load required  module.
>
>
> Here relevant paste from the trace.
>
> http://fpaste.org/295059/44861337/
>
> modules files /etc/shorewall
>
> [root@caprx01 shorewall]# cat modules
> INCLUDE /usr/share/shorewall/modules
> loadmodule xt_RTPENGINE
>
>
> and actual module location
>
> [root@caprx01 shorewall]# ls -la
> /lib/modules/4.2.6-200.fc22.x86_64/extra/rtpengine/xt_RTPENGINE.ko
> -rw-r--r-- 1 root root 37312 Nov 27 01:33
> /lib/modules/4.2.6-200.fc22.x86_64/extra/rtpengine/xt_RTPENGINE.ko


If MODULESDIR is empty, then Shorewall sets its value to a list of 
directories that will include all modules listed in the Shorewall 
modules* files. If you wish to load a module that is not in one of those 
directories, then you need to set MODULESDIR yourself. I would suggest 
setting your own shell variable in the params file, then use the value 
of that variable to set MODULESDIR in shorewall.conf.

For reference, Shorewall defaults MODULESDIR to:

/lib/modules/$uname/kernel/net/ipv${g_family}/netfilter:/lib/modules/$uname/kernel/net/netfilter:/lib/modules/$uname/kernel/net/sched:/lib/modules/$uname/extra:/lib/modules/$uname/extra/ipset

where $uname holds the output of 'uname -r' and $g_family is either '4' 
or '6', depending on whether an IPv4 or IPv6 firewall is being defined.

I suspect that a better approach in your case would be to simply load 
the module yourself in the init extension script.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

------------------------------------------------------------------------------
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel

Reply via email to