What is the correct way to load modules for iptables on Centos 6
36,118
Solution 1
None of them.
/etc/rc.d/rc.sysinit
looking for two locations to load modules:
# Load other user-defined modules
for file in /etc/sysconfig/modules/*.modules ; do
[ -x $file ] && $file
done
# Load modules (for backward compatibility with VARs)
if [ -f /etc/rc.modules ]; then
/etc/rc.modules
fi
So, you should put the loading command into /etc/sysconfig/modules/*.modules
or /etc/rc.modules
:
# echo "modprobe ip_conntrack" >> /etc/sysconfig/modules/iptables.modules
# chmod +x /etc/sysconfig/modules/iptables.modules
Solution 2
For iptables on CentOS there is an additional location which is where I have those particular modules configured to load and that's the /etc/sysconfig/iptables-config
file. The start of the file looks like this
# Load additional iptables modules (nat helpers)
# Default: -none-
# Space separated list of nat helpers (e.g. 'ip_nat_ftp ip_nat_irc'), which
# are loaded after the firewall rules are applied. Options for the helpers are
# stored in /etc/modprobe.conf.
IPTABLES_MODULES="nf_conntrack_ftp nf_conntrack"
When I run service iptables restart
I get this line
Loading additional iptables modules: nf_conntrack_ftp nf_co[ OK ]
If I play with the contents of the
IPTABLES_MODULES="nf_conntrack_ftp nf_conntrack"
above it changes the output of the Loading additional modules
line when I restart the service.
Related videos on Youtube
Author by
Arlukin
Updated on September 18, 2022Comments
-
Arlukin almost 2 years
Where should I load iptables modules, for example ip_conntrack and ip_conntrack_ftp.
Places I have found that might be candidates, but are they?
- The IPTABLES_MODULES variable in /etc/init.d/iptables
- In /etc/modprobe.conf
- In /etc/modprobe.d/xxxx.conf
-
Arlukin over 12 yearsLooks like you are answering all my questions. This was the general answer to my question, and @Iain had the answer to the problem I actually tried to solve.
-
Shyamkkhadka about 5 yearsFor ubuntu, how can I do the same ? I need to load ip_nat_pptp module here.