device: load only required modules

Honor firewall-backend for modules loading and ip forwarding enabling as well: * iptables: do not load nftables modules * nftables: do not load iptables modules * none: do not load any modules and do not enable ip forwarding https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1356
2026-05-05 07:38:20 +02:00 · 2022-08-30 08:26:59 +02:00 · 2022-08-30 08:26:59 +02:00 · ff7c5f4024
commit ff7c5f4024
parent b336b249f5
1 changed files with 22 additions and 13 deletions
--- a/src/core/devices/nm-device.c
+++ b/src/core/devices/nm-device.c
@ -12263,16 +12263,28 @@ _dev_ipshared4_new_l3cd(NMDevice *self, NMConnection *connection, NMPlatformIP4A
 static gboolean
 _dev_ipshared4_init(NMDevice *self)
 {
-    static const char *const modules[] = {"ip_tables",
-                                          "iptable_nat",
-                                          "nf_nat_ftp",
-                                          "nf_nat_irc",
-                                          "nf_nat_sip",
-                                          "nf_nat_tftp",
-                                          "nf_nat_pptp",
-                                          "nf_nat_h323"};
-    int                      errsv;
-    guint                    i;
+    static const char *const modules_iptables[] = {"ip_tables", "iptable_nat"};
+    static const char *const modules_nftables[] =
+        {"nf_nat_ftp", "nf_nat_irc", "nf_nat_sip", "nf_nat_tftp", "nf_nat_pptp", "nf_nat_h323"};
+    int   errsv;
+    guint i;
+
+    switch (nm_firewall_utils_get_backend()) {
+    case NM_FIREWALL_BACKEND_IPTABLES:
+        for (i = 0; i < G_N_ELEMENTS(modules_iptables); i++)
+            nmp_utils_modprobe(NULL, FALSE, modules_iptables[i], NULL);
+        break;
+    case NM_FIREWALL_BACKEND_NFTABLES:
+        for (i = 0; i < G_N_ELEMENTS(modules_nftables); i++)
+            nmp_utils_modprobe(NULL, FALSE, modules_nftables[i], NULL);
+        break;
+    case NM_FIREWALL_BACKEND_NONE:
+        /* do not modify network settings like ip forwarding */
+        return TRUE;
+    default:
+        nm_assert_not_reached();
+        break;
+    }

    if (nm_platform_sysctl_get_int32(nm_device_get_platform(self),
                                     NMP_SYSCTL_PATHID_ABSOLUTE("/proc/sys/net/ipv4/ip_forward"),
@ -12301,9 +12313,6 @@ _dev_ipshared4_init(NMDevice *self)
                       nm_strerror_native(errsv));
    }

-    for (i = 0; i < G_N_ELEMENTS(modules); i++)
-        nmp_utils_modprobe(NULL, FALSE, modules[i], NULL);
-
    return TRUE;
 }