Hello. Shorewall 4.6.4.1 kernel 3.10.0 In shorewall.conf I have "DONT_LOAD=nf_conntrack_sip,nf_nat_sip" In shorewall.conf I have "AUTOHELPERS=No", HELPERS is empty. SIP section in /etc/shorewall/conntrack is commented out (checked - no sip entries in raw table after shorewall start). "ports=0" is specified in /etc/shorewall/helpers for appropriate *sip lines (or alternatively all *sip lines commented out). There are not any rules specifying port 5060 in /etc/shorewall/rules.
Despite doing the above steps, nf_conntrack_sip is being loaded during every restart of shorewall (although nf_nat_sip obeys my disposition and never gets loaded). Also, after doing "shorewall compile OUTPUT ." inside /etc/shorewall, nf_conntrack_sip module gets automatically loaded (yes, after dry copilation of rules), although resulting OUTPUT file does not contain anything which would load this module. nf_conntrack_sip is always at the top of lsmod output, no other modules use it. I ended up adding "rmmod nf_conntrack_sip" to /ec/shorewall/started. The same happens for shorewall6. Is there any way to properly skip loading of this module ? Regards. -- Artur ------------------------------------------------------------------------------ Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=157005751&iu=/4140/ostg.clktrk _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
