Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next

author Arne Fitzenreiter <arne_f@ipfire.org>

Wed, 20 Apr 2016 15:45:49 +0000 (17:45 +0200)

committer Arne Fitzenreiter <arne_f@ipfire.org>

Wed, 20 Apr 2016 15:45:49 +0000 (17:45 +0200)
author Arne Fitzenreiter <arne_f@ipfire.org>
Wed, 20 Apr 2016 15:45:49 +0000 (17:45 +0200)
committer Arne Fitzenreiter <arne_f@ipfire.org>
Wed, 20 Apr 2016 15:45:49 +0000 (17:45 +0200)
diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall

index 1d6309c1b0d50a8b26013362669a1e6e797a0c40..7bdb292f7ddb8a2160377a45180fe58de40b93dc 100644 (file)
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -98,6 +98,7 @@ iptables_init() {
  
         # SIP
         if [ "${CONNTRACK_SIP}" = "on" ]; then
+               modprobe nf_nat_sip
                 iptables -A CONNTRACK -m conntrack --ctstate RELATED \
                         -m helper --helper sip -j ACCEPT
                 for proto in udp tcp; do
@@ -107,6 +108,7 @@ iptables_init() {
  
         # H.323
         if [ "${CONNTRACK_H323}" = "on" ]; then
+               modprobe nf_nat_h323
                 iptables -A CONNTRACK -m conntrack --ctstate RELATED \
                         -m helper --helper h323 -j ACCEPT
  
@@ -119,6 +121,7 @@ iptables_init() {
  
         # FTP
         if [ "${CONNTRACK_FTP}" = "on" ]; then
+               modprobe nf_nat_ftp
                 iptables -A CONNTRACK -m conntrack --ctstate RELATED \
                         -m helper --helper ftp -p tcp --dport 1024: -j ACCEPT
                 iptables -t raw -A CONNTRACK -p tcp --dport 21 -j CT --helper ftp
@@ -126,6 +129,7 @@ iptables_init() {
  
         # PPTP
         if [ "${CONNTRACK_PPTP}" = "on" ]; then
+               modprobe nf_nat_pptp
                 iptables -A CONNTRACK -m conntrack --ctstate RELATED \
                         -m helper --helper pptp -j ACCEPT
                 iptables -t raw -A CONNTRACK -p tcp --dport 1723 -j CT --helper pptp
@@ -133,6 +137,7 @@ iptables_init() {
  
         # TFTP
         if [ "${CONNTRACK_TFTP}" = "on" ]; then
+               modprobe nf_nat_tftp
                 iptables -A CONNTRACK -m conntrack --ctstate RELATED \
                         -m helper --helper tftp -j ACCEPT
                 iptables -t raw -A CONNTRACK -p udp --dport 69 -j CT --helper tftp
@@ -140,6 +145,7 @@ iptables_init() {
  
         # IRC
         if [ "${CONNTRACK_IRC}" = "on" ]; then
+               modprobe nf_nat_irc
                 iptables -A CONNTRACK -m conntrack --ctstate RELATED \
                         -m helper --helper irc -j ACCEPT
                 iptables -t raw -A CONNTRACK -p tcp --dport 6667 -j CT --helper irc
@@ -147,6 +153,7 @@ iptables_init() {
  
         # Amanda
         if [ "${CONNTRACK_AMANDA}" = "on" ]; then
+               modprobe nf_nat_amanda
                 iptables -A CONNTRACK -m conntrack --ctstate RELATED \
                         -m helper --helper amanda -j ACCEPT
                 iptables -t raw -A CONNTRACK -p tcp -j CT --helper amanda
author	Arne Fitzenreiter <arne_f@ipfire.org>
	Wed, 20 Apr 2016 15:45:49 +0000 (17:45 +0200)
committer	Arne Fitzenreiter <arne_f@ipfire.org>
	Wed, 20 Apr 2016 15:45:49 +0000 (17:45 +0200)