On 2/11/20 7:12 AM, Vieri Di Paola wrote:
> On Tue, Feb 11, 2020 at 3:49 PM Matt Darfeuille
> <m...@shorewall.org> wrote:
>>
>> If the other modules are not loaded and 'AUTOHELPERS' is set to
>> 'No', are you sure that Shorewall is the culprit?
>
> AUTOHELPERS is set to yes (default) for its convenience. Maybe I
> should specify a helper for each rule that needs it, and set
> AUTOHELPERS to no.
>
> Anyway, it seems I found a trick that works for me. Instead of
> blacklisting the modules in modprobe.d, I use the "install"
> command and pass it a program such as /bin/true.
>
> /etc/modprobe.d/blacklist.conf
>
>         blacklist xt_iface
>         install xt_geoip /bin/true
>         blacklist xt_TARPIT
>
> Now, xt_geoip is never loaded (nor are the other ones).
>

Shorewall pretty much got out of the module loading business in
version 5.2.3. On systems with module autoloading enabled, however,
the 'shorewall show capabilities' command can result in the module
being autoloaded, unless you do something like you have shown above.
Note that Shorewall 5.2.3 will still attempt to load helpers because
they are never autoloaded (xt_geoip is not a helper).

Also

        ?IF __GEOIP_MATCH

will trigger the module being autoloaded, unless such loading is
disabled outside of Shorewall.

-Tom
-- 
Tom Eastep        \ Q: What do you get when you cross a mobster
Shoreline,         \    with an international standard?
Washington, USA     \ A: Someone who makes you an offer you
http://shorewall.org \    can't understand
                      \________________________________________
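
The modprobe.d fragment quoted above mixes two directives: per modprobe.d(5), `blacklist` only makes modprobe ignore a module's internal aliases, while `install` runs the given command instead of inserting the module. The script below is an added example, not part of the original thread or of Shorewall; it audits a modprobe.d-style file and reports which of the two applies to each module. The function names, the temporary file and the sample contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify how a modprobe.d-style file restricts a module.
#   install-disabled : "install <mod> /bin/true" (or /bin/false), so modprobe
#                      runs that command instead of inserting the module
#   blacklist-only   : only a "blacklist <mod>" line is present
#   unrestricted     : no matching directive

# Write a constructed sample mirroring the three directives quoted in the post.
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample, not a real system file
blacklist xt_iface
install xt_geoip /bin/true
blacklist xt_TARPIT
EOF
}

# classify_module <conf-file> <module>
classify_module() {
    awk -v mod="$2" '
        BEGIN { gsub(/-/, "_", mod) }     # modprobe treats "-" and "_" alike
        {
            sub(/#.*/, "")                # drop comments
            name = $2
            gsub(/-/, "_", name)
        }
        $1 == "blacklist" && name == mod { bl = 1 }
        $1 == "install" && name == mod &&
            ($3 == "/bin/true" || $3 == "/bin/false") { off = 1 }
        END {
            if (off)     print "install-disabled"
            else if (bl) print "blacklist-only"
            else         print "unrestricted"
        }
    ' "$1"
}

# Demo run over the constructed sample.
conf=$(mktemp)
write_sample_conf "$conf"
for m in xt_iface xt_geoip xt_TARPIT xt_conntrack; do
    printf '%s: %s\n' "$m" "$(classify_module "$conf" "$m")"
done
rm -f "$conf"
```

To audit a real host, pass a file from /etc/modprobe.d as the first argument to `classify_module`.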