firewall: Load conntrack modules in firewall script.
authorMichael Tremer <michael.tremer@ipfire.org>
Fri, 14 Feb 2014 11:54:08 +0000 (12:54 +0100)
committerMichael Tremer <michael.tremer@ipfire.org>
Fri, 14 Feb 2014 11:54:08 +0000 (12:54 +0100)
src/initscripts/init.d/firewall
src/initscripts/init.d/network

index 2bb8ba1..1d4146d 100644 (file)
@@ -292,6 +292,24 @@ iptables_red() {
 # See how we were called.
 case "$1" in
   start)
+       boot_mesg "Loading firewall modules into the kernel"
+       modprobe iptable_nat || failed=1
+       for i in $(find /lib/modules/$(uname -r) -name nf_conntrack*); do
+               modprobe $(basename $i | cut -d. -f1) || failed=1
+       done
+       for i in $(find /lib/modules/$(uname -r) -name nf_nat*); do
+               modprobe $(basename $i | cut -d. -f1) || failed=1
+       done
+       (exit ${failed})
+       evaluate_retval
+
+       if [ -e /var/ipfire/main/disable_nf_sip ]; then
+               rmmod nf_nat_sip
+               rmmod nf_conntrack_sip
+               rmmod nf_nat_h323
+               rmmod nf_conntrack_h323
+       fi
+
        boot_mesg "Setting up firewall"
        iptables_init
        evaluate_retval
index 6b49274..5aecd15 100644 (file)
 eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
 
 init_networking() {
-       boot_mesg "Loading firewall modules into the kernel"
-       modprobe iptable_nat || failed=1
-       for i in $(find /lib/modules/$(uname -r) -name nf_conntrack*); do
-               modprobe $(basename $i | cut -d. -f1) || failed=1
-       done
-       for i in $(find /lib/modules/$(uname -r) -name nf_nat*); do
-               modprobe $(basename $i | cut -d. -f1) || failed=1
-       done
-       (exit ${failed})
-       evaluate_retval
-
-       if [ -e /var/ipfire/main/disable_nf_sip ]; then
-               rmmod nf_nat_sip
-               rmmod nf_conntrack_sip
-               rmmod nf_nat_h323
-               rmmod nf_conntrack_h323
-       fi
-
        /etc/rc.d/init.d/dnsmasq start
        /etc/rc.d/init.d/static-routes start
 }