On Sun, May 17, 2015 at 5:30 PM, Michael Biebl <mbi...@gmail.com> wrote:
> 2015-05-15 22:16 GMT+02:00 Tom Gundersen <t...@jklm.no>:
>> on-demand I agree with Lennart that it makes the most sense to simply
>> unconditionally load the modules. If this is undesirable the solution
>> should be to teach the kernel to auto-load the modules, not to expect
>> the admin to figure out that explicit loading is required, IMHO.
>
> And now we expect that the admin figures out how to disable loading of
> the iptables module, which isn't any more obvious.

Out of interest, what is the 'regression' users would experience by having the iptables module loaded? Or is it just about the principle of not wanting to load a module unless it is actually used?

> What I was suggesting was, that the iptables modules should only be
> loaded on demand, i.e. when the firewalling functionality is actually
> used.

If so, this should be done by the kernel.

> Lennart did argue, that he didn't want to do that within
> networkd, since he didn't want to grant networkd that capability to
> load modules and therefore to load the module unconditionally in PID 1.
> But moving the modules loading out of networkd doesn't mean, it has to
> be done unconditionally, see how we did it for
> udev/kmod-static-nodes.service

Hm, this is all about letting the kernel do the module loading lazily on-demand, so I'd be all for that, but then the kernel would need to learn how to do that for iptables first...

Cheers,

Tom