-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 2/11/20 7:12 AM, Vieri Di Paola wrote: > On Tue, Feb 11, 2020 at 3:49 PM Matt Darfeuille > <m...@shorewall.org> wrote: >> >> If the other modules are not loaded and 'AUTOHELPERS' is set to >> 'No', are you sure that Shorewall is the culprit? > > AUTOHELPERS is set to yes (default) for its convenience. Maybe I > should specify a helper for each rule that needs it, and set > AUTOHELPERS to no. > > Anyway, it seems I found a trick that works for me. Instead of > blacklisting the modules in modprobe.d, I use the "install" > command and pass it a program such as /bin/true. > > /etc/modprobe.d/blacklist.conf blacklist xt_iface install xt_geoip > /bin/true blacklist xt_TARPIT > > Now, xt_geoip is never loaded (nor are the other ones). >
Shorewall pretty much got out of the module loading business in version 5.2.3. On systems with module autoloading enabled, however, the 'shorewall show capabilities' command can result in the module being autoloaded, unless you do something like you have shown above. Note that Shorewall 5.2.3 will still attempt to load helpers because they are never autoloaded (xt_geoip is not a helpter). Also ?IF __GEOIP_MATCH will trigger the module being autoloaded, unless such loading is disabled outside of Shorewall. - -Tom - -- Tom Eastep \ Q: What do you get when you cross a mobster Shoreline, \ with an international standard? Washington, USA \ A: Someone who makes you an offer you http://shorewall.org \ can't understand \________________________________________ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIzBAEBCgAdFiEEFNMNR63CLO6yqbL8luaz8kI6TRAFAl5DBsMACgkQluaz8kI6 TRDQaQ//bDAsMlNEKoiaieqgLJgJDHOeAc1uFVKsn4wlNBdByygkIe0GbhmMWbIJ KHwhAnX8Bg+9DoGg9Nz4g0Vn4TbC81sGtp0dGYILovrOG4W4AONrVJ3bfzr4rSJ+ S43+EFs24MysmIRdRMPihsSWwmdZ11WfIk8X/v1vR4t6Kfuq+Q6Lys26tRnFly3s YSf8r2lmkEo9jwrP+YqUecu9NEFCSz5mwT0JXaDnzSBt91fG2O4xp3Td8ZJEzGOq I3LhOS/vLtdUa+Zk7ExVuk1vrHUXbh/Zwp4tHD6uwTyK0T7ngANHaioQyGWo6IYB pbavahMIgZy2tYtPj2UMI4mx0Vgkj4eq7jzrj9rlkpmDQ+shbpwP8eN148OFVhHz XXQU5smsLfy7+Sit3R1NqFpbzkV/7gF8dTvk3v3axEEZiZZUo3lHZPhr1hm87CKJ 6MBrnfVCS0213Yn1TkCvLROQkiV7Gy88hAqJHorrrgtfyh5EwpesRE/83FSZjl1o GS8UnHoOsBq7c+xOXxw+Z2/1C7qFQXCEVlmQshiZ64KgyEyQuYVHFbwiQ5/yte9E 78grWgNQ3J2+nkOVulBPXgEGXqrcQpEs//Mo0YiX+u8OEmNwnJpCpGud2JX0QNt1 W3PqbDaFKdD5lDD7eFS6W9+C9KMDum/PdBEwwr5E/SDgBWNq8CE= =PEjc -----END PGP SIGNATURE----- _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users