I have Fedora 42 router/firewall, where I use the xt_geoip kernel module from xtables-addons in iptables. xt_geoip module is compiled using akmods after a kernel update during system boot. The problem is that akmods compilation takes place about two minutes after iptables starts - so iptables are not loaded at all.
Now I solve this problem with some shell script running in the background from rc.local and introducing the necessary delay in iptables startup. But - is there any better "more systematic" solution? Extract from the system log during boot after a kernel update: ... Sep 11 14:10:44 ns iptables.init[1551]: iptables: Applying firewall rules: Sep 11 14:10:44 ns iptables.init[1582]: Warning: Extension geoip is not supported, missing kernel module? Sep 11 14:10:44 ns iptables.init[1582]: iptables-restore v1.8.11 (nf_tables): Couldn't load match `geoip':No such file or directory Sep 11 14:10:44 ns iptables.init[1582]: Error occurred at line: 256 Sep 11 14:10:44 ns iptables.init[1551]: [FAILED] Sep 11 14:10:44 ns systemd[1]: iptables.service: Main process exited, code=exited, status=1/FAILURE ... Sep 11 14:11:11 ns akmods[1417]: Checking kmods exist for 6.16.5-200.fc42.x86_64[ OK ] ... Sep 11 14:13:33 ns akmods[1417]: Building and installing xtables-addons-kmod[ OK ] Sep 11 14:13:34 ns systemd[1]: systemd-modules-load.service: Deactivated successfully. Sep 11 14:13:34 ns systemd[1]: Stopped systemd-modules-load.service - Load Kernel Modules. Sep 11 14:13:34 ns systemd[1]: Stopping systemd-modules-load.service - Load Kernel Modules... Sep 11 14:13:34 ns systemd[1]: Starting systemd-modules-load.service - Load Kernel Modules... Sep 11 14:13:34 ns systemd-modules-load[7028]: Module 'msr' is built in Sep 11 14:13:34 ns systemd[1]: Finished systemd-modules-load.service - Load Kernel Modules. Sep 11 14:13:34 ns systemd[1]: Finished akmods.service - Builds and install new kmods from akmod packages. ... -- Thanks in advance, Franta Hanzlik -- _______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
