From 7afe9e82b60be763398531295d03f7215f21d94b Mon Sep 17 00:00:00 2001 From: Mohit Mehta Date: Mon, 13 Sep 2010 14:04:13 -0700 Subject: Fix Bug 6149 Warning on boot because of modprobe config file names * add .conf suffix to files in /etc/modprobe.d * remove old files without the suffix [from a previous release] during upgrade --- Makefile.am | 4 ++-- debian/vyatta-cfg-firewall.postinst.in | 10 ++++++++++ etc/modprobe.d/vyatta_nf_conntrack | 21 --------------------- etc/modprobe.d/vyatta_nf_conntrack.conf | 21 +++++++++++++++++++++ etc/modprobe.d/vyatta_xt_recent | 22 ---------------------- etc/modprobe.d/vyatta_xt_recent.conf | 22 ++++++++++++++++++++++ templates/firewall/conntrack-hash-size/node.def | 6 +++--- templates/firewall/node.def | 6 +++--- 8 files changed, 61 insertions(+), 51 deletions(-) delete mode 100644 etc/modprobe.d/vyatta_nf_conntrack create mode 100644 etc/modprobe.d/vyatta_nf_conntrack.conf delete mode 100644 etc/modprobe.d/vyatta_xt_recent create mode 100644 etc/modprobe.d/vyatta_xt_recent.conf diff --git a/Makefile.am b/Makefile.am index d76794a..b87b091 100644 --- a/Makefile.am +++ b/Makefile.am @@ -3,8 +3,8 @@ share_perl5dir = /opt/vyatta/share/perl5/Vyatta/IpTables curverdir = $(sysconfdir)/config-migrate/current modprobedir = /etc/modprobe.d -modprobe_DATA = etc/modprobe.d/vyatta_nf_conntrack -modprobe_DATA += etc/modprobe.d/vyatta_xt_recent +modprobe_DATA = etc/modprobe.d/vyatta_nf_conntrack.conf +modprobe_DATA += etc/modprobe.d/vyatta_xt_recent.conf sbin_SCRIPTS = share_perl5_DATA = diff --git a/debian/vyatta-cfg-firewall.postinst.in b/debian/vyatta-cfg-firewall.postinst.in index 9b86330..3bfd95e 100644 --- a/debian/vyatta-cfg-firewall.postinst.in +++ b/debian/vyatta-cfg-firewall.postinst.in 
@@ -8,3 +8,13 @@ sbindir=@sbindir@ # add symlinks for sudo ln -sf /opt/vyatta/sbin/vyatta-ipset.pl ${bindir}/sudo-users/vyatta-ipset.pl + + +# comply with Squeeze version of modprobe +# remove old versions of files during upgrade +for modprobe in vyatta_nf_conntrack vyatta_xt_recent +do + if [ -f /etc/modprobe.d/${modprobe} ]; then + rm -f /etc/modprobe.d/${modprobe} + fi +done diff --git a/etc/modprobe.d/vyatta_nf_conntrack b/etc/modprobe.d/vyatta_nf_conntrack deleted file mode 100644 index b907431..0000000 --- a/etc/modprobe.d/vyatta_nf_conntrack +++ /dev/null @@ -1,21 +0,0 @@ -# -# **** License **** -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License version 2 as -# published by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# This code was originally developed by Vyatta, Inc. -# Portions created by Vyatta are Copyright (C) 2010 Vyatta, Inc. -# All Rights Reserved. -# **** End License **** -# -# Author: Mohit Mehta -# Description: Sets hash size for connection tracking table -# As of 2.6.33: "expect_hashsize" is readonly - -options nf_conntrack hashsize=4096 diff --git a/etc/modprobe.d/vyatta_nf_conntrack.conf b/etc/modprobe.d/vyatta_nf_conntrack.conf new file mode 100644 index 0000000..b907431 --- /dev/null +++ b/etc/modprobe.d/vyatta_nf_conntrack.conf 
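Review bot: The added loop removes `/etc/modprobe.d/vyatta_nf_conntrack` without carrying its contents over, yet the `conntrack-hash-size` template changed later in this commit rewrites the `options nf_conntrack hashsize=` line in that file, so on an upgraded system it may hold an operator-set value rather than the packaged 4096. If so, the first boot after the upgrade would presumably load nf_conntrack with the default hash size from the new `.conf`, which is worth avoiding on a firewall whose connection-tracking table was sized deliberately. Moving the file instead of deleting it would keep the setting: `mv -f "/etc/modprobe.d/${modprobe}" "/etc/modprobe.d/${modprobe}.conf"` in place of the `rm -f` line. How dpkg then treats the replaced `.conf` is not visible here and should be checked. The `[ -f … ]` guard is redundant in front of `rm -f` but is the right guard for `mv`.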
@@ -0,0 +1,21 @@
+#
+# **** License ****
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# This code was originally developed by Vyatta, Inc.
+# Portions created by Vyatta are Copyright (C) 2010 Vyatta, Inc.
+# All Rights Reserved.
+# **** End License ****
+#
+# Author: Mohit Mehta
+# Description: Sets hash size for connection tracking table
+# As of 2.6.33: "expect_hashsize" is readonly
+
+options nf_conntrack hashsize=4096
diff --git a/etc/modprobe.d/vyatta_xt_recent b/etc/modprobe.d/vyatta_xt_recent
deleted file mode 100644
index d517838..0000000
--- a/etc/modprobe.d/vyatta_xt_recent
+++ /dev/null
@@ -1,22 +0,0 @@
-#
-# **** License ****
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License version 2 as
-# published by the Free Software Foundation.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-# General Public License for more details.
-#
-# This code was originally developed by Vyatta, Inc.
-# Portions created by Vyatta are Copyright (C) 2010 Vyatta, Inc.
-# All Rights Reserved.
-# **** End License ****
-#
-# Author: Mohit Mehta
-# Description: Set number of packets per IP to remember to 255 for recent
-# match condition. Default value was 20 as of July 14, 2010
-#
-
-options xt_recent ip_pkt_list_tot=255
diff --git a/etc/modprobe.d/vyatta_xt_recent.conf b/etc/modprobe.d/vyatta_xt_recent.conf
new file mode 100644
index 0000000..d517838
--- /dev/null
+++ b/etc/modprobe.d/vyatta_xt_recent.conf @@ -0,0 +1,22 @@ +# +# **** License **** +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# This code was originally developed by Vyatta, Inc. +# Portions created by Vyatta are Copyright (C) 2010 Vyatta, Inc. +# All Rights Reserved. +# **** End License **** +# +# Author: Mohit Mehta +# Description: Set number of packets per IP to remember to 255 for recent +# match condition. Default value was 20 as of July 14, 2010 +# + +options xt_recent ip_pkt_list_tot=255 diff --git a/templates/firewall/conntrack-hash-size/node.def b/templates/firewall/conntrack-hash-size/node.def index d4c2027..16b7c6c 100644 --- a/templates/firewall/conntrack-hash-size/node.def +++ b/templates/firewall/conntrack-hash-size/node.def @@ -8,11 +8,11 @@ val_help: u32:1-50000000; Size of hash to use for connection tracking table syntax:expression: ($VAR(@) >= 1 && $VAR(@) <= 50000000) ; "Value must be between 1 and 50,000,000" update: - if ! grep -q "nf_conntrack hashsize=$VAR(@)$" /etc/modprobe.d/vyatta_nf_conntrack + if ! grep -q "nf_conntrack hashsize=$VAR(@)$" /etc/modprobe.d/vyatta_nf_conntrack.conf then sudo sh -c "sed -i -e '/options nf_conntrack hashsize/d' \ - /etc/modprobe.d/vyatta_nf_conntrack" + /etc/modprobe.d/vyatta_nf_conntrack.conf" sudo sh -c "echo options nf_conntrack hashsize=$VAR(@) >> \ - /etc/modprobe.d/vyatta_nf_conntrack" + /etc/modprobe.d/vyatta_nf_conntrack.conf" echo "Updated conntrack hash size. This change will take affect when the system is rebooted." fi 
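Review bot: The `update:` action now spells `/etc/modprobe.d/vyatta_nf_conntrack.conf` three times, and the `delete:` action in templates/firewall/node.def repeats it three more. Nothing ties these copies to the name installed by `modprobe_DATA` in Makefile.am. If a later rename misses one copy, the `grep` would likely fail on the missing file and the `echo … >>` would recreate a file under the stale name, so the configured hash size may silently not be applied. Consider one assignment at the top of each action, `conf=/etc/modprobe.d/vyatta_nf_conntrack.conf`, with `$conf` used in the `grep`, `sed` and `echo` lines and a comment such as `# must match modprobe_DATA in Makefile.am`. Both actions begin outside their hunks, so the exact placement needs checking against the full templates.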
diff --git a/templates/firewall/node.def b/templates/firewall/node.def index e95bc07..30b5330 100644 --- a/templates/firewall/node.def +++ b/templates/firewall/node.def @@ -8,12 +8,12 @@ delete: # set conntrack table size to standard 16384 entries if fw disabled sudo sh -c "echo 2048 > /proc/sys/net/netfilter/nf_conntrack_expect_max" # set conntrack hash size to standard 4096 - if ! grep -q "nf_conntrack hashsize=4096$" /etc/modprobe.d/vyatta_nf_conntrack + if ! grep -q "nf_conntrack hashsize=4096$" /etc/modprobe.d/vyatta_nf_conntrack.conf then sudo sh -c "sed -i -e '/options nf_conntrack hashsize/d' \ - /etc/modprobe.d/vyatta_nf_conntrack" + /etc/modprobe.d/vyatta_nf_conntrack.conf" sudo sh -c "echo options nf_conntrack hashsize=4096 >> \ - /etc/modprobe.d/vyatta_nf_conntrack" + /etc/modprobe.d/vyatta_nf_conntrack.conf" echo "Conntrack hash size set to default 4096. This change will take affect when the system is rebooted." fi -- cgit v1.2.3