Where should I load iptables modules, for example ip_conntrack and ip_conntrack_ftp.
Places I have found that might be candidates, but are they?
- The IPTABLES_MODULES variable in /etc/init.d/iptables
- In /etc/modprobe.conf
- In /etc/modprobe.d/xxxx.conf
Asked
Active
Viewed 3.7k times
2 Answers
17
For iptables on CentOS there is an additional location which is where I have those particular modules configured to load and that's the /etc/sysconfig/iptables-config file. The start of the file looks like this
# Load additional iptables modules (nat helpers)
# Default: -none-
# Space separated list of nat helpers (e.g. 'ip_nat_ftp ip_nat_irc'), which
# are loaded after the firewall rules are applied. Options for the helpers are
# stored in /etc/modprobe.conf.
IPTABLES_MODULES="nf_conntrack_ftp nf_conntrack"
When I run service iptables restart I get this line
Loading additional iptables modules: nf_conntrack_ftp nf_co[ OK ]
If I play with the contents of the
IPTABLES_MODULES="nf_conntrack_ftp nf_conntrack"
above it changes the output of the Loading additional modules line when I restart the service.
Michael Hampton
- 237,123
- 42
- 477
- 940
user9517
- 114,104
- 20
- 206
- 289
6
None of them.
/etc/rc.d/rc.sysinit looking for two locations to load modules:
# Load other user-defined modules
for file in /etc/sysconfig/modules/*.modules ; do
[ -x $file ] && $file
done
# Load modules (for backward compatibility with VARs)
if [ -f /etc/rc.modules ]; then
/etc/rc.modules
fi
So, you should put the loading command into /etc/sysconfig/modules/*.modules or /etc/rc.modules:
# echo "modprobe ip_conntrack" >> /etc/sysconfig/modules/iptables.modules
# chmod +x /etc/sysconfig/modules/iptables.modules
quanta
- 50,327
- 19
- 152
- 213
-
Looks like you are answering all my questions. This was the general answer to my question, and @Iain had the answer to the problem I actually tried to solve. – Arlukin Nov 01 '11 at 15:01
-
For ubuntu, how can I do the same ? I need to load ip_nat_pptp module here. – Shyamkkhadka Jun 17 '19 at 08:17