iptables question for the experts
Ben Scott
dragonhawk at gmail.com
Tue Jul 18 13:30:01 EDT 2006
On 7/18/06, Steven W. Orr <steveo at syslang.net> wrote:
> Also, don't you need to have ip_conntrack loaded to deal with ftp?
Various modules definitely need to be loaded. What I'm not sure
about is which ones are loaded automatically by the kernel/iptables
and which ones need to be loaded explicitly (be it "by hand" or via
shell script or whatever). Rather than keep track of that, I just
explicitly load them all in my firewall scripts. :)
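# ----------------------------------------------------------------------------
function load_modules () {
    local i moddir
    echo "Loading kernel modules for firewall..."
    # Core tables, connection tracking and NAT.
    for i in ip_tables iptable_filter ip_conntrack iptable_nat ; do
        # Anchor the match on the name field of /proc/modules so that a
        # longer module name cannot satisfy the check.
        if ! grep -q "^$i " /proc/modules ; then
            modprobe "$i"
        fi
    done
    moddir="/lib/modules/$(uname -r)/kernel/net/ipv4/netfilter"
    # Connection-tracking helper modules.
    for i in "$moddir"/ip_conntrack_* ; do
        [ -e "$i" ] || continue     # glob matched nothing
        i=$( basename "$i" .o )
        i=${i%.ko}                  # 2.6 kernels name module files *.ko
        if ! grep -q "^$i " /proc/modules ; then
            modprobe "$i"
        fi
    done
    # NAT helper modules.
    for i in "$moddir"/ip_nat_* ; do
        [ -e "$i" ] || continue     # glob matched nothing
        i=$( basename "$i" .o )
        i=${i%.ko}                  # 2.6 kernels name module files *.ko
        if ! grep -q "^$i " /proc/modules ; then
            modprobe "$i"
        fi
    done
}
# ----------------------------------------------------------------------------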
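
A companion check for the approach in the message above, added here as an example and not part of the original post: after loading, confirm that every module the rule set depends on is actually present before any rules are applied, and stop if one is missing. The function names, the file argument and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not code from the original post.

# is_loaded FILE MODULE
# Succeeds only if MODULE is exactly the first field of some line in FILE.
# FILE uses the /proc/modules layout: name size refcount users state address.
is_loaded() {
    awk -v m="$2" '$1 == m { found = 1 } END { exit !found }' "$1"
}

# missing_modules FILE MODULE...
# Prints, space-separated, the requested modules that FILE does not list.
missing_modules() {
    file=$1; shift
    out=
    for m in "$@"; do
        is_loaded "$file" "$m" || out="${out:+$out }$m"
    done
    printf '%s\n' "$out"
}

# require_modules FILE MODULE...
# Returns non-zero and names the missing modules on stderr, so a firewall
# script can stop before installing rules that rely on them.
require_modules() {
    missing=$(missing_modules "$@")
    [ -z "$missing" ] && return 0
    echo "firewall: modules not loaded: $missing" >&2
    return 1
}

# write_sample FILE
# Writes a constructed module list (not captured from a real host) in which
# the FTP connection-tracking helper is absent.
write_sample() {
    cat > "$1" <<'EOF'
ip_conntrack 41368 1 iptable_nat, Live 0xe0a70000
iptable_nat 22932 0 - Live 0xe0a5c000
iptable_filter 2816 0 - Live 0xe0a3b000
ip_tables 17280 2 iptable_nat,iptable_filter, Live 0xe0a2a000
EOF
}

# In a firewall script, after the modprobe calls:
#   require_modules /proc/modules ip_tables iptable_filter ip_conntrack \
#       ip_conntrack_ftp || exit 1
```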