Brian J. Murrell wrote: > This might start out a little OT but please bear with me as depending on > the answer to the OT question, this might come back around to being > quite on-topic for the list. > > I'm wondering, given a kernel with no netfilter/iptables modules > installed (into the running kernel, they are in the /lib/modules/$(uname > -r) tree obviously), when I do: > > iptables -I foo -m state ... > > Is the xt_state module supposed to somehow magically get autoloaded into > the kernel or will that iptables command fail until something/somebody > externally issues a "modprobe xt_state"?
It depends. The Linux kernel can be built either with or without module autoloading. The 'modprobe' utility only works if module autoloading is enabled. In most cases, when autoloading is enabled, needed modules are loaded on demand without an explicit 'modprobe' command. The exception is that netfilter nat and conntrack helper modules are not autoloaded; they require an explicit 'modprobe' command. When autoloading is not enabled, modules must be excplcitly loaded using the 'insmod' command. Using insmod, the file name of the module must be specified and all dependencies for the module must be already loaded. Shorewall supports either model. By default, it tries to modprobe/insmod everything it could possibly need by processing the /usr/share/shorewall/modules file. You can copy that file to /etc/shorewall/ and remove everything that you don't need; if your kernel has autoloading, about the only thing left will be the conntrack/nat helpers that you use and some traffic shaping modules (if you use them). ------------------------------------------------------------------------------ Create and Deploy Rich Internet Apps outside the browser with Adobe(R)AIR(TM) software. With Adobe AIR, Ajax developers can use existing skills and code to build responsive, highly engaging applications that combine the power of local resources and data with the reach of the web. Download the Adobe AIR SDK and Ajax docs to start building applications today-http://p.sf.net/sfu/adobe-com _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
