Bug 44905 - RFE: automatic loading of modules
Status: CLOSED ERRATA
Product: Red Hat Linux
Classification: Retired
Component: iptables
9
i386 Linux
high Severity medium
Assigned To: Thomas Woerner
Ben Levenson
: FutureFeature
Reported: 2001-06-18 14:53 EDT by Gerald Teschl
Modified: 2007-03-26 23:45 EDT (History)
Doc Type: Enhancement
Last Closed: 2003-07-03 05:32:13 EDT
Description Gerald Teschl 2001-06-18 14:53:58 EDT
Description of Problem:
Some modules don't get autoloaded by iptables (e.g., ip_conntrack_ftp, ...).
Hence there needs to be a way of loading those modules via the init script.

Hence I recommend adding a file /etc/sysconfig/iptables_modules and have
/etc/init.d/iptables modprobe all modules in this file:

--- iptables.orig       Thu Mar 22 07:27:45 2001
+++ iptables    Mon Jun 18 20:56:33 2001
@@ -18,6 +18,7 @@
 . /etc/init.d/functions
 
 IPTABLES_CONFIG=/etc/sysconfig/iptables
+IPTABLES_MODULES=/etc/sysconfig/iptables_modules
 
 if [ ! -x /sbin/iptables ]; then
        exit 0
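Review bot: The new IPTABLES_MODULES=/etc/sysconfig/iptables_modules line introduces a second input file with no comment describing its format. Since start() runs as root and hands the file's content to modprobe, add a short comment next to the variable stating the expected format (one module name per line, "#" for comments) and that the file must be root-owned and not writable by other users.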
@@ -43,6 +44,12 @@
 start() {
        # don't do squat if we don't have the config file
        if [ -f $IPTABLES_CONFIG ]; then
+           if [ -f $IPTABLES_MODULES ]; then
+               for module in `grep -v "^#" $IPTABLES_MODULES`; do
+                       modprobe $module
+               done
+           fi
+
            # If we don't clear these first, we might be adding to
            #  pre-existing rules.
            action $"Flushing all current rules and user defined chains:"
iptables -F
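Review bot: The loop header for module in `grep -v "^#" $IPTABLES_MODULES` in start() word-splits the whole file rather than reading it line by line, and the body runs modprobe $module unquoted with no check on the result. A line such as "ip_conntrack_ftp ports=21,2121" is therefore turned into two separate modprobe calls, an indented "  # comment" line is not filtered by "^#" and its words are passed to modprobe as module names, a token beginning with "-" is read as a modprobe option, and any glob characters are expanded against the current directory. I would read the file with a while read loop, skip blank and comment lines after trimming leading whitespace, accept only names made of letters, digits, "_" and "-", quote "$module", and report a failed modprobe the way the rest of the script reports steps through action, instead of silently continuing.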
Comment 1 Gerald Teschl 2001-06-24 07:57:35 EDT
Maybe this should be added to iptables-save/restore.
Comment 2 Bernhard Rosenkraenzer 2001-07-10 11:24:09 EDT
Added in 1.2.2-3 (not yet in iptables-save, though)
Comment 3 Nils Philippsen 2002-01-18 02:56:21 EST
Still no way to make conntrack and nat modules permanent (neither with
iptables-save nor some /etc/sysconfig/iptables-modules or else).
Comment 4 Nils Philippsen 2002-01-18 02:57:57 EST
Forgot: That's iptables 1.2.4-2 here.
Comment 5 Gerald Teschl 2002-05-08 15:16:11 EDT
A possible fix is to add the line

above ip_conntrack ip_conntrack_ftp

to /etc/modules.conf
Comment 6 Gerald Teschl 2003-04-07 15:44:13 EDT
This still seems to apply to 9.
Comment 7 Thomas Woerner 2003-07-03 05:32:13 EDT
Fixed in the new 1.2.8-4.x version. This version has a new startup script and an
additional config file.


/etc/sysconfig/iptables-config:
> # Additional iptables modules (nat helper)
> # Default: -empty-
> #IPTABLES_MODULES="ip_nat_ftp"
> 
> # Save current firewall rules on stop.
> # Value: yes|no,  default: no
> #IPTABLES_SAVE_ON_STOP="no"
> 
> # Save current firewall rules on restart.
> # Value: yes|no,  default: no
> #IPTABLES_SAVE_ON_RESTART="no"
> 
> # Save rule counter.
> # Value: yes|no,  default: yes
> #IPTABLES_SAVE_COUNTER="yes"
> 
> # Numeric status output
> # Value: yes|no,  default: no
> #IPTABLES_STATUS_NUMERIC="no"


RPM packages for 7.x:
http://people.redhat.com/twoerner/RPMS/7.x/iptables-1.2.8-4.73.1.i386.rpm
http://people.redhat.com/twoerner/RPMS/7.x/iptables-ipv6-1.2.8-4.73.1.i386.rpm
http://people.redhat.com/twoerner/SRPMS/iptables-1.2.8-4.73.1.src.rpm

RPM packages for 8.0:
http://people.redhat.com/twoerner/RPMS/8.0/iptables-1.2.8-4.80.1.i386.rpm
http://people.redhat.com/twoerner/RPMS/8.0/iptables-ipv6-1.2.8-4.80.1.i386.rpm
http://people.redhat.com/twoerner/SRPMS/iptables-1.2.8-4.80.1.src.rpm

RPM packages for 9:
http://people.redhat.com/twoerner/RPMS/9/iptables-1.2.8-4.90.1.i386.rpm
http://people.redhat.com/twoerner/RPMS/9/iptables-ipv6-1.2.8-4.90.1.i386.rpm
http://people.redhat.com/twoerner/SRPMS/iptables-1.2.8-4.90.1.src.rpm
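
A sketch of how an init script could consume the IPTABLES_MODULES setting from /etc/sysconfig/iptables-config defensively. This is an added example, not the code shipped in the 1.2.8-4 packages. It assumes the value is a whitespace-separated list of module names, and the function names and the MODPROBE override are hypothetical.

```shell
#!/bin/sh
# Added example, not the packaged init script. Assumption: IPTABLES_MODULES
# holds a whitespace-separated list of module names. MODPROBE is a
# hypothetical override so the loader can be dry-run with MODPROBE=echo.

# Accept only plain module names, so no token can reach modprobe as an
# option, a path or a parameter assignment.
valid_module_name() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Succeed only if FILE is not writable by group or others.
safe_perms() {
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# Print the validated names from the last uncommented
# IPTABLES_MODULES="..." line of FILE; the file is parsed, not sourced.
read_modules() {
    [ -f "$1" ] || return 0
    value=$(sed -n 's/^[[:space:]]*IPTABLES_MODULES="\([^"]*\)"[[:space:]]*$/\1/p' "$1" | tail -n 1)
    rc=0
    set -f    # no glob expansion while splitting the value
    for m in $value; do
        if valid_module_name "$m"; then
            printf '%s\n' "$m"
        else
            printf 'rejecting module name: %s\n' "$m" >&2
            rc=1
        fi
    done
    set +f
    return $rc
}

# Load every listed module; refuse the whole list on any problem.
load_modules() {
    safe_perms "$1" || { echo "refusing $1: group/world writable" >&2; return 1; }
    mods=$(read_modules "$1") || return 1
    for m in $mods; do
        "${MODPROBE:-/sbin/modprobe}" "$m" || return 1
    done
}
```

Running `MODPROBE=echo load_modules /etc/sysconfig/iptables-config` prints the modules that would be loaded without touching the kernel.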
