Hi there,
Sorry if this may have already been discussed, but in shorewall.conf
it says:
Shorewall normally looks in the MODULES DIRECTORY (see MODULESDIR
above) for files whose names end in ".o", ".ko",
".gz", "o.gz" or
"ko.gz" .
However, these default extensions are actually set in do_initialize()
AFTER the modules are loaded, so unless you explicitly configure
MODULE_SUFFIX in shorewall.conf, it will be treated as an empty string.
Here''s an outline of the calling sequence that concerns modules:
do_initialize() {
MODULE_SUFFIX ...
config=$(find_file shorewall.conf)
. $config
...
load_kernel_modules
-> Try to load each module using the extensions in
MODULE_SUFFIX, which would be empty if not
explicitly set in shorewall.conf
...
(*) [ -n "$MODULE_SUFFIX" ] || MODULE_SUFFIX="o gz ko o.gz
ko.gz"
}
Seems like the line marked (*) should be moved somewhere before the
call to load_kernel_modules.
--eric
Possibly the stupidest thing I have ever done in my almost 60 years on this earth is to have Shorewall load kernel modules. It has been an ongoing nightmare from the beginning... -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net
Eric E. Bowles wrote:> > Seems like the line marked (*) should be moved somewhere before the > call to load_kernel_modules. >Please try a prelimilary 2.0.2f: http://shorewall.net/pub/shorewall/shorewall-2.0.2f ftp://shorewall.net/pub/shorewall/shorewall-2.0.2f Thanks, -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net
Tom,> Please try a prelimilary 2.0.2f:Works for me! I should add that for those who don''t want to upgrade, all you need to do is to set this in shorewall.conf: MODULE_SUFFIX="o gz ko o.gz ko.gz" --eric> http://shorewall.net/pub/shorewall/shorewall-2.0.2f > ftp://shorewall.net/pub/shorewall/shorewall-2.0.2f > > >Seems like the line marked (*) should be moved somewhere before the > >call to load_kernel_modules. > > > > Thanks, > -Tom > -- > Tom Eastep \ Nothing is foolproof to a sufficiently talented fool > Shoreline, \ http://shorewall.net > Washington USA \ teastep@shorewall.net > > _______________________________________________ > Shorewall-users mailing list > Post: Shorewall-users@lists.shorewall.net > Subscribe/Unsubscribe: > https://lists.shorewall.net/mailman/listinfo/shorewall-users > Support: http://www.shorewall.net/support.htm > FAQ: http://www.shorewall.net/FAQ.htm >