[EMAIL PROTECTED] wrote: > > I sense some offence being taken there. I wasn't criticizing > Shorewall, or you, (or anyone else for that matter). Most of us > are just users of your software who haven't much time to monitor > what's going on behind the scenes.
My annoyance is more with the Netfilter team for making these capricious name changes. But I must also admit that at the moment, I have neither the time nor the computer resources to be able to test Shorewall against new kernel releases. > > I look to this ML for early warnings of glitches as much as for > solutions to problems and I suspect others do too. Hopefully, > this thread will serve as an early warning to others. Indeed. > > Comparing the netfilter modules in 2.6.20-1.2925.fc6 with those in > 2.6.19-1.2911.6.5.fc6 shows many modules have had their names changed - > I'm assuming it's only a name change and that the functionality has > been maintained. > > The following modules don't exist 2.6.20-1.2925.fc6 <details snipped> > > > I suppose as a first approximation one could just add the nf_/xt_ > modules to the modules file. Is that likely screw anything up? (Tom?) This is getting pretty unwieldy with the massive renaming of modules that has gone on in the last several kernel releases but I've hacked up a /usr/share/shorewall/modules file based on your input and I've attached it. Please give it a try (ignore the version of the file -- the 'modules' files for all supported releases are the same except for the version number in the comments). I don't know if I got the load order correct since I don't have access to "lsmod" output to see the module dependencies. > > Another problem with 2.6.20-1.2925.fc6 is that there is no > /proc/net/ip_conntrack > but I assume that file is provided by nf_conntrack.ko If you load that module, does /proc/net/ip_conntrack suddenly appear? > > The conclusion is don't update past 2.6.19-1.2911.6.5.fc6, or be prepared for > messing around with module loading. > Note also that all bridge configurations built using the instructions at http://www.shorewall.net/bridge.html also stop working with 2.6.20 and later kernels. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
# # Shorewall version 3.4 - Modules File # # /usr/share/shorewall/modules # # This file loads the modules that may be needed by the firewall. # # THE ORDER OF THE COMMANDS BELOW IS IMPORTANT!!!!!! You MUST load in # dependency order. i.e., if M2 depends on M1 then you must load M1 # before you load M2. # # For additional information, see # http://shorewall.net/Documentation.htm#modules # ############################################################################### # # Essential Modules # loadmodule nfnetlink loadmodule x_tables loadmodule ip_tables loadmodule iptable_filter loadmodule iptable_mangle loadmodule ip_conntrack loadmodule nf_conntrack loadmodule nf_conntrack_ipv4 loadmodule iptable_nat loadmodule xt_state loadmodule xt_tcpudp # # Other xtables modules # loadmodule xt_CLASSIFY loadmodule xt_connmark loadmodule xt_CONNMARK loadmodule xt_conntrack loadmodule xt_dccp loadmodule xt_hashlimit loadmodule xt_helper loadmodule xt_length loadmodule xt_limit loadmodule xt_mac loadmodule xt_mark loadmodule xt_MARK loadmodule xt_NFLOG loadmodule xt_NFQUEUE loadmodule xt_physdev loadmodule xt_pkttype loadmodule xt_tcpmss # # Helpers # loadmodule ip_conntrack_amanda loadmodule ip_conntrack_ftp loadmodule ip_conntrack_h323 loadmodule ip_conntrack_irc loadmodule ip_conntrack_netbios_ns loadmodule ip_conntrack_pptp loadmodule ip_conntrack_sip loadmodule ip_conntrack_tftp loadmodule ip_nat_amanda loadmodule ip_nat_ftp loadmodule ip_nat_h323 loadmodule ip_nat_irc loadmodule ip_nat_pptp loadmodule ip_nat_sip loadmodule ip_nat_snmp_basic loadmodule ip_nat_tftp loadmodule ip_set loadmodule ip_set_iphash loadmodule ip_set_ipmap loadmodule ip_set_macipmap loadmodule ip_set_portmap # # 2.6.20+ helpers # loadmodule nf_conntrack_ftp loadmodule nf_conntrack_h323 loadmodule nf_conntrack_irc loadmodule nf_conntrack_netbios_ns loadmodule nf_conntrack_netlink loadmodule nf_conntrack_pptp loadmodule nf_conntrack_proto_gre loadmodule nf_conntrack_proto_sctp loadmodule nf_conntrack_sip loadmodule nf_conntrack_tftp loadmodule nf_nat_amanda loadmodule nf_nat_ftp loadmodule nf_nat_h323 loadmodule nf_nat_irc loadmodule nf_nat loadmodule nf_nat_pptp loadmodule nf_nat_proto_gre loadmodule nf_nat_sip loadmodule nf_nat_snmp_basic loadmodule nf_nat_tftp # # Traffic Shaping # loadmodule sch_sfq loadmodule sch_ingress loadmodule sch_htb loadmodule cls_u32 # # Extensions # loadmodule ipt_addrtype loadmodule ipt_ah loadmodule ipt_CLASSIFY loadmodule ipt_CLUSTERIP loadmodule ipt_comment loadmodule ipt_connmark loadmodule ipt_CONNMARK loadmodule ipt_conntrack loadmodule ipt_dscp loadmodule ipt_DSCP loadmodule ipt_ecn loadmodule ipt_ECN loadmodule ipt_esp loadmodule ipt_hashlimit loadmodule ipt_helper loadmodule ipt_ipp2p loadmodule ipt_iprange loadmodule ipt_length loadmodule ipt_limit loadmodule ipt_LOG loadmodule ipt_mac loadmodule ipt_mark loadmodule ipt_MARK loadmodule ipt_MASQUERADE loadmodule ipt_multiport loadmodule ipt_NETMAP loadmodule ipt_NOTRACK loadmodule ipt_owner loadmodule ipt_physdev loadmodule ipt_pkttype loadmodule ipt_policy loadmodule ipt_realm loadmodule ipt_recent loadmodule ipt_REDIRECT loadmodule ipt_REJECT loadmodule ipt_SAME loadmodule ipt_sctp loadmodule ipt_set loadmodule ipt_state loadmodule ipt_tcpmss loadmodule ipt_TCPMSS loadmodule ipt_tos loadmodule ipt_TOS loadmodule ipt_ttl loadmodule ipt_TTL loadmodule ipt_ULOG #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
