Changed kernel module management to read kernel configuration and detect

if a module is compiled in the kernel or needs to be loaded separately. (note: this is not finished yet)
2024-06-28 18:02:33 +00:00 · 2003-10-26 21:27:31 +00:00 · 2003-10-26 21:27:31 +00:00 · 6f7646972c
commit 6f7646972c
parent 45c47aae7d
3 changed files with 106 additions and 9 deletions
--- a/doc/header.html
+++ b/doc/header.html
@ -70,6 +70,9 @@ automatically. FireHOL is extremely easy to understand, configure and audit.
 	</table>
 	</td>
 	</tr>
+<tr>
+	<td align=right colspan=3><small><a target="content" href="http://www.google.com.gr/advanced_search?q=site:firehol.sourceforge.net">Search this site with Google</a></small></td>
+	</tr>
 </table>

 </BODY>
--- a/doc/index.html
+++ b/doc/index.html
@ -17,7 +17,7 @@ automatically. FireHOL is extremely easy to understand, configure and audit.
 <meta name="keywords" content="iptables, netfilter, filter, firewall, stateful, port, secure, security, NAT, DMZ, DNAT, DSL, SNAT, redirect, router, rule, rules, automated, bash, block, builder, cable, complex, configuration, dual-homed, easy, easy configuration, example, fast, features, flexible, forward, free, gpl, helpme mode, human, intuitive, language, linux, masquerade, modem, multi-homed, open source, packet, panic mode, protect, script, service, system administration, wizard">
 <meta http-equiv="Expires" content="Wed, 19 Mar 2003 00:00:01 GMT">
 </HEAD>
-<FRAMESET rows="175, *" frameborder="0" marginwidth="0" marginheight="0">
+<FRAMESET rows="185, *" frameborder="0" marginwidth="0" marginheight="0">
 	<FRAME name="header" src="header.html">
 	<FRAME name="content" src="overview.html">
 	<NOFRAMES>
--- a/firehol.sh
+++ b/firehol.sh
@ -10,10 +10,61 @@
 #
 # config: /etc/firehol/firehol.conf
 #
-# $Id: firehol.sh,v 1.164 2003/10/22 06:58:27 ktsaou Exp $
+# $Id: firehol.sh,v 1.165 2003/10/26 21:27:31 ktsaou Exp $
 #
+
+# Remember who you are.
 FIREHOL_FILE="${0}"

+
+# ------------------------------------------------------------------------------
+# XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+# ------------------------------------------------------------------------------
+#
+# KERNEL MODULE MANAGEMENT
+#
+# ------------------------------------------------------------------------------
+# XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+# ------------------------------------------------------------------------------
+
+KERNEL_CONFIG=
+if [ -f "/proc/config" ]
+then
+	KERNEL_CONFIG="/proc/config"
+	cat /proc/config >/tmp/kcfg.$$
+	. /tmp/kcfg.$$
+	rm -f /tmp/kcfg.$$
+	
+elif [ -f "/usr/src/linux/.config" ]
+then
+	KERNEL_CONFIG="/usr/src/linux/.config"
+	. "${KERNEL_CONFIG}"
+else
+	echo >&2 " "
+	echo >&2 " IMPORTANT WARNING:"
+	echo >&2 " ------------------"
+	echo >&2 " FireHOL cannot find your current kernel configuration."
+	echo >&2 " Please, either compile your kernel with /proc/config,"
+	echo >&2 " or make sure there is a valid kernel config in:"
+	echo >&2 " /usr/src/linux/.config"
+	echo >&2 " "
+	echo >&2 " Because of this, FireHOL will simply attempt to load"
+	echo >&2 " all kernel modules for the services used, without"
+	echo >&2 " being able to detect failures."
+	echo >&2 " "
+fi
+
+
+# ------------------------------------------------------------------------------
+# XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+# ------------------------------------------------------------------------------
+#
+# EXTERNAL/SYSTEM COMMANDS MANAGEMENT
+#
+# ------------------------------------------------------------------------------
+# XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+# ------------------------------------------------------------------------------
+
 PATH="${PATH}:/bin:/usr/bin:/sbin:/usr/sbin"

 # External commands FireHOL will need.
@ -390,6 +441,14 @@ client_lpd_ports="721:731 default"
 server_microsoft_ds_ports="tcp/microsoft-ds"
 client_microsoft_ds_ports="default"

+server_mms_ports="tcp/1755 udp/1755"
+client_mms_ports="default"
+require_mms_modules="ip_conntrack_mms"
+require_mms_nat_modules="ip_nat_mms"
+# this will produce warnings on most distribution
+# because the mms module is not there:
+# ALL_SHOULD_ALSO_RUN="${ALL_SHOULD_ALSO_RUN} mms"
+
 server_msn_ports="tcp/6891"
 client_msn_ports="default"

@ -1797,22 +1856,57 @@ set_work_function() {
 # new firewall has been activated. Here we just keep a list of the required
 # kernel modules.

+check_kernel_config() {
+	eval local kcfg="\$${1}"
+	
+	case ${kcfg} in
+		y)	return 0
+			;;
+		
+		m)	return 1
+			;;
+		
+		*)	return 2
+			;;
+	esac
+	
+	return 2
+}
+
 check_kernel_module() {
 	local mod="${1}"
 	
 	case ${mod} in
 		ip_tables)
 			test -f /proc/net/ip_tables_names && return 0
-			return 1
+			check_kernel_config CONFIG_IP_NF_IPTABLES
+			return $?
 			;;
 		
 		ip_conntrack)
 			test -f /proc/net/ip_conntrack && return 0
-			return 1
+			check_kernel_config CONFIG_IP_NF_CONNTRACK
+			return $?
+			;;
+			
+		ip_conntrack_*)
+			local mnam="CONFIG_IP_NF_`echo ${mod} | ${CUT_CMD} -d '_' -f 3- | ${TR_CMD} [a-z] [A-Z]`"
+			check_kernel_config ${mnam}
+			return $?
+			;;
+			
+		ip_nat_*)
+			local mnam="CONFIG_IP_NF_NAT_`echo ${mod} | ${CUT_CMD} -d '_' -f 3- | ${TR_CMD} [a-z] [A-Z]`"
+			check_kernel_config ${mnam}
+			return $?
+			;;
+			
+		*)
+			return 2
 			;;
 	esac
 	
-	return 1
+	return 2
 }

 load_kernel_module() {
@ -3828,7 +3922,7 @@ case "${arg}" in
 		else
 		
 		${CAT_CMD} <<EOF
-$Id: firehol.sh,v 1.164 2003/10/22 06:58:27 ktsaou Exp $
+$Id: firehol.sh,v 1.165 2003/10/26 21:27:31 ktsaou Exp $
 (C) Copyright 2003, Costa Tsaousis <costa@tsaousis.gr>
 FireHOL is distributed under GPL.

@ -4014,7 +4108,7 @@ then
 	
 	${CAT_CMD} <<EOF

-$Id: firehol.sh,v 1.164 2003/10/22 06:58:27 ktsaou Exp $
+$Id: firehol.sh,v 1.165 2003/10/26 21:27:31 ktsaou Exp $
 (C) Copyright 2003, Costa Tsaousis <costa@tsaousis.gr>
 FireHOL is distributed under GPL.
 Home Page: http://firehol.sourceforge.net
@ -4309,7 +4403,7 @@ then
 	
 	${CAT_CMD} >&2 <<EOF

-$Id: firehol.sh,v 1.164 2003/10/22 06:58:27 ktsaou Exp $
+$Id: firehol.sh,v 1.165 2003/10/26 21:27:31 ktsaou Exp $
 (C) Copyright 2003, Costa Tsaousis <costa@tsaousis.gr>
 FireHOL is distributed under GPL.
 Home Page: http://firehol.sourceforge.net
@ -4392,7 +4486,7 @@ EOF
 	echo "# "

 	${CAT_CMD} <<EOF
-# $Id: firehol.sh,v 1.164 2003/10/22 06:58:27 ktsaou Exp $
+# $Id: firehol.sh,v 1.165 2003/10/26 21:27:31 ktsaou Exp $
 # (C) Copyright 2003, Costa Tsaousis <costa@tsaousis.gr>
 # FireHOL is distributed under GPL.
 # Home Page: http://firehol.sourceforge.net