author | Bob Gilligan <gilligan@vyatta.com> | 2009-09-22 15:52:31 -0700 |
---|---|---|
committer | Bob Gilligan <gilligan@vyatta.com> | 2009-09-22 15:52:31 -0700 |
commit | 4a71e47b4e79daff824546b539612b8747569856 (patch) | |
tree | 999686214eef9f2001b88b9afe74ea38331bf45e /scripts | |
parent | acecb392ff2bf3b6e6bf46f699c4b63bbe013b91 (diff) | |
Bugfix 4951: Don't fail if IPv6 kernel module is not loaded.
Handle the case where the IPv6 kernel module is not loaded more gracefully.
Diffstat (limited to 'scripts')
-rw-r--r-- | scripts/firewall/firewall.init.in | 23 |
1 files changed, 14 insertions, 9 deletions
diff --git a/scripts/firewall/firewall.init.in b/scripts/firewall/firewall.init.in
index ea60955..c3a0115 100644
--- a/scripts/firewall/firewall.init.in
+++ b/scripts/firewall/firewall.init.in
@@ -44,6 +44,7 @@ declare -a modules=(
 ## setup firewall & nat conntrack modules
 start () {
+
 for mod in ${modules[@]} ; do
 modprobe --syslog $mod
 done
@@ -53,9 +54,19 @@ start () {
 iptables -t raw -A PREROUTING -j NOTRACK
 iptables -t raw -A OUTPUT -j NOTRACK
- # set up notrack chains/rules for IPv6
- ip6tables -t raw -A PREROUTING -j NOTRACK
- ip6tables -t raw -A OUTPUT -j NOTRACK
+ if [ -d /proc/sys/net/ipv6 ] ; then
+ # set up notrack chains/rules for IPv6
+ ip6tables -t raw -A PREROUTING -j NOTRACK
+ ip6tables -t raw -A OUTPUT -j NOTRACK
+
+ # set up post-firewall hook for IPv6
+ ip6tables -N VYATTA_POST_FW_HOOK
+ ip6tables -A VYATTA_POST_FW_HOOK -j ACCEPT
+ ip6tables -A INPUT -j VYATTA_POST_FW_HOOK
+ ip6tables -A FORWARD -j VYATTA_POST_FW_HOOK
+ else
+ logger -t "Vyatta firewall init" -p warning "Kernel IPv6 support disabled. Not initializing IPv6 firewall"
+ fi
 # set up post-firewall hook for IPv4
 iptables -N VYATTA_POST_FW_HOOK
@@ -63,12 +74,6 @@ start () {
 iptables -A INPUT -j VYATTA_POST_FW_HOOK
 iptables -A FORWARD -j VYATTA_POST_FW_HOOK
- # set up post-firewall hook for IPv6
- ip6tables -N VYATTA_POST_FW_HOOK
- ip6tables -A VYATTA_POST_FW_HOOK -j ACCEPT
- ip6tables -A INPUT -j VYATTA_POST_FW_HOOK
- ip6tables -A FORWARD -j VYATTA_POST_FW_HOOK
-
 # set up pre-SNAT hook
 iptables -t nat -N VYATTA_PRE_SNAT_HOOK
 iptables -t nat -A VYATTA_PRE_SNAT_HOOK -j RETURN
|
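Review bot: The new `[ -d /proc/sys/net/ipv6 ]` branch in start() skips the IPv6 NOTRACK rules and the ip6tables VYATTA_POST_FW_HOOK chain when the module is absent, but nothing visible here re-runs that setup if the ipv6 module is loaded after init, so IPv6 could come up later with none of these chains in place. Whether another part of the package handles that case is not visible in this hunk; if not, later ip6tables rules that jump to VYATTA_POST_FW_HOOK would likely fail and IPv6 traffic would be left to the default policies. At minimum I would record this in the else branch, e.g. `# NOTE: IPv6 chains are not created here; if the ipv6 module is loaded later this setup must be re-run before IPv6 firewall rules are applied`. The exit status of the `ip6tables -N`/`-A` calls is also unchecked, so a partial failure inside the branch is silent; start() begins and ends outside the hunk.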