firewall-init: firewall.d/functions - code to load only specified ...

baggins baggins at pld-linux.org
Mon Sep 19 17:26:30 CEST 2005


Author: baggins                      Date: Mon Sep 19 15:26:30 2005 GMT
Module: firewall-init                 Tag: HEAD
---- Log message:
- code to load only specified conntrack/nat modules

---- Files affected:
firewall-init/firewall.d:
   functions (1.8 -> 1.9) 

---- Diffs:

================================================================
Index: firewall-init/firewall.d/functions
diff -u firewall-init/firewall.d/functions:1.8 firewall-init/firewall.d/functions:1.9
--- firewall-init/firewall.d/functions:1.8	Mon Oct 18 16:00:39 2004
+++ firewall-init/firewall.d/functions	Mon Sep 19 17:26:25 2005
@@ -3,32 +3,37 @@
 	typeset i conn
 
 	_modprobe die -k -a ip_tables
-
-	conn=""
-	for i in /lib/modules/`uname -r`/kernel/net/ipv4/netfilter/ip_conntrack_*.{k,}o ; do
-		[ -f "$i" ] && conn="$conn `echo $i | awk '!/ftp|irc|egg/ { gsub(/.*\//,"") ; gsub(/\.[k]o$/,"") ; print $1 }'`"
-	done
 	_modprobe die -k -a ip_conntrack \
 		`[ -z "$CONNTRACK_HASHSIZE" ] || echo "hashsize=$CONNTRACK_HASHSIZE"`
-	_modprobe die -k -a ip_conntrack_ftp \
-				`[ -z "$FTP_PORTS" ] || echo "ports=$FTP_PORTS"` \
-				`[ -z "$FTP_FXP" ] || echo "fxp=1"`
-	_modprobe die -k -a ip_conntrack_irc \
-				`[ -z "$FTP_PORTS" ] || echo "ports=$IRC_PORTS"`
-	_modprobe die -k -a ip_conntrack_egg \
-				`[ -z "$FTP_PORTS" ] || echo "ports=$EGGDROP_PORTS"`
-	_modprobe die -k -a $conn
+
+	if [ "$CONNTRACK_MODULES" = "all" -o -z "$CONNTRACK_MODULES" ] ; then
+	    conn=""
+	    for i in /lib/modules/`uname -r`/kernel/net/ipv4/netfilter/ip_conntrack_*.{k,}o ; do
+		    [ -f "$i" ] && conn="$conn `echo $i | awk '!/ftp|irc|egg/ { gsub(/.*\//,"") ; gsub(/\.[k]o$/,"") ; print $1 }'`"
+	    done
+	    _modprobe die -k -a $conn
+	elif [ "$CONNTRACK_MODULES" != "none" ] ; then
+	    conn=""
+	    for i in "$CONNTRACK_MODULES" ; do
+		    conn="$conn ip_conntrack_$i"
+	    done
+	    _modprobe die -k -a $conn
+	fi
 
 	if echo "$ipv4_TABLES" | awk '!/nat/ {exit 1}' ; then
+	    if [ "$NAT_MODULES" = "all" -o -z "$NAT_MODULES" ] ; then
 		conn=""
 		for i in /lib/modules/`uname -r`/kernel/net/ipv4/netfilter/ip_nat_*.{k,}o ; do
 			[ -f "$i" ] && conn="$conn `echo $i | awk '!/ftp|irc/ { gsub(/.*\//,"") ; gsub(/\.[k]o$/,"") ; print $1 }'`"
 		done
-		_modprobe die -k -a ip_nat_ftp \
-				`[ -z "$FTP_PORTS" ] || echo "ports=$FTP_PORTS"`
-		_modprobe die -k -a ip_nat_irc \
-				`[ -z "$FTP_PORTS" ] || echo "ports=$IRC_PORTS"`
 		_modprobe die -k -a $conn
+	    elif [ "$NAT_MODULES" != "none" ] ; then
+		conn=""
+		for i in "$NAT_MODULES" ; do
+			    conn="$conn ip_nat_$i"
+		done
+		_modprobe die -k -a $conn
+	    fi
 	fi
 }
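Review bot: The two explicit-list loops quote their list, `for i in "$CONNTRACK_MODULES"` and `for i in "$NAT_MODULES"`, so each loop runs exactly once with the whole string and only the first name gets the prefix. A setting such as `ftp irc` builds `ip_conntrack_ftp irc`, and the second word reaches `_modprobe` as a bare module name. Leave the expansion unquoted so it word-splits: `for i in $CONNTRACK_MODULES ; do` and `for i in $NAT_MODULES ; do`. Separately, the `all` branches keep the awk filters `!/ftp|irc|egg/` and `!/ftp|irc/` although the explicit loads of those helpers are removed, so an empty or `all` setting appears to stop loading the ftp/irc/egg helpers, and `FTP_PORTS`, `FTP_FXP`, `IRC_PORTS` and `EGGDROP_PORTS` are no longer passed anywhere in this hunk. If that is intended it deserves a comment above the branch; otherwise drop the filter. The function header lies outside the hunk, so callers and earlier setup were not checked.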
 
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/firewall-init/firewall.d/functions?r1=1.8&r2=1.9&f=u



