[plug] ipchains vs iptables

Thu Mar 14 20:35:59 WST 2002

On Thursday 14 March 2002 11:47, David Broadway wrote:
> Good question! I've been playing with ipchains atm. the damn think is after
> a reboot I gotta reload the ipchains.o file, and I think if I reconnect the
> internet connection I think I gotta reload ipchains settings again.
>
> Is there a way to install ipchains.o from the boot up, or is that in a
> re-compile of the kernal?

Normally (at least in 2.4) the kernel module loader will pull that in as it's 
needed. Naturally, iptables.o relates to the newer method. To pull it in 
every reboot, just add this to the end of /etc/rc.d/rc.local (may be 
/etc/rc.local on some systems):

    modprobe iptables

You may want more modules to do useful stuff. For example, my (Mandrake 8.1, 
kernel 2.4.12 plus patches, monmotha loaded) firewall uses:

 ipt_TOS                 1312   5 (autoclean)
 ipt_state               1024   4 (autoclean)
 ipt_REJECT              3360   7 (autoclean)
 ipt_LOG                 3872  15 (autoclean)
 ipt_limit               1472  17 (autoclean)
 ipt_MASQUERADE          1792   3 (autoclean)
 iptable_mangle          2112   0 (autoclean) (unused)
 iptable_nat            17876   0 (autoclean) [ipt_MASQUERADE]
 ip_conntrack           17388   2 (autoclean) [ipt_state ipt_MASQUERADE
                                               iptable_nat]
 iptable_filter          2144   0 (autoclean) (unused)
 ip_tables              11712  11 [ipt_TOS ipt_state ipt_REJECT ipt_LOG
                                   ipt_limit ipt_MASQUERADE iptable_mangle
                                   iptable_nat iptable_filter]
 af_packet              13928   0 (autoclean)