Hi,
With "AUTOHELPERS=No" and "HELPERS=none" in "shorewall.conf", is it
expected of Shorewall to still load all the modules in the "helpers" file ?
I don't use any of them and even though the FW rules are really tight,
these modules can still potentially be a threat if misused with address
spoofing and such sneaky attacks. I stress the word "potential" but
we're never too cautious.
For a test I copied the "helpers" file to "/etc/shorewall" and commented
all helpers, except "nf_nat" and left alone the LOG related modules as
they are needed.
After a reboot of the test machine, none of the modules were loaded so
Shorewall is loading them.
I was expecting these modules not to be loaded since the helpers related
settings are set to No/none in shorewall.conf.
Or, I could be missing something of course :-)
--
ObNox
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
