Yep, looks like you have the necessary stuff for iptables loaded. You
might notice in some of those example scripts (from the email earlier in
this thread) that most load the necessary modules that they require.
For example, here is a section of my own firewalling script that
contains the module loading (I based my script heavily on the one that I
recommended by [EMAIL PROTECTED], whoever that is:
#---------------------------------------------------------------------------
# Load IPTABLES-modules and Clear/Reset all chains and set default
policies
#---------------------------------------------------------------------------
/sbin/modprobe ip_tables
/sbin/modprobe iptable_filter
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_nat_ftp
# If the IRC-modules below are available, uncomment them
# /sbin/modprobe ip_conntrack_irc ports=$IRCPORTS
# /sbin/modprobe ip_nat_irc ports=$IRCPORTS
There are other modules that can be loaded for filtering. I'm not sure
if there is an easier way to discover which non-loaded modules are
available, but a ls of
/lib/modules/2.4.18-6mdk/kernel/net/ipv4/netfilter should give you a
rough idea of what is available. I think some of these are loaded
implicitly by modprobe (which figures out dependencies) when loading
modules. The dependency relationships of loaded modules can be seen in
your output from lsmod. Also, I believe that the iptables command will
load any necessary kernel modules for certain functionality that is left
out until needed (such as logging). Anybody with a better understanding
of modules or packet filtering on Linux should chime in here as I am by
no means very knowledgable about such things -- I know enough, I
suppose, to be dangerous. :)
Rob
Lyvim Xaphir wrote:
>Check out the dumps below. Keep in mind that this system was installed
>with iptables only; I manually chose all the packages during
>installation (which you can bet I saved THAT on floppy!! ). Except for
>the KDE workstation setup option, which put a large number of packages
>in for itself, which ipchains was not amoungst them. I specifically
>avoided loading ipchains during installation because I knew I was going
>with iptables. I suppose you can tell that I agreed with you about
>iptables being better. ;)
>
>I track what's loaded for Mandrake Control Center operations very
>closely; that's how I noticed that ipchains was installed. I did'nt
>actually go looking until today, however.
>
><snip lsmod output>
>
Want to buy your Pack or Services from MandrakeSoft?
Go to http://www.mandrakestore.com
