
Loading additional iptables modules under CentOS 4.x

May 7, 2006 - 1 comment

If you need an iptables module loaded on a recurring basis (say, the connection-tracking module for FTP connections), you can either:
- issue “modprobe ip_conntrack_ftp” at the CLI every time you need it
- add “modprobe ip_conntrack_ftp” to rc.local
- edit /etc/init.d/iptables and add “modprobe ip_conntrack” under the “start” argument

or

- the proper way: edit /etc/sysconfig/iptables-config

IPTABLES_MODULES="ip_conntrack_ftp"

Any time you start or restart iptables, the modules are loaded:

[root@localhost](1035)# service iptables condrestart
Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: nat filter                [  OK  ]
Unloading iptables modules:                                [  OK  ]
Applying iptables firewall rules:                          [  OK  ]
Loading additional iptables modules: ip_conntrack_ftp      [  OK  ]
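
One way to confirm the setting took effect after a restart, as an added example that is not part of the original post: the script reads IPTABLES_MODULES from /etc/sysconfig/iptables-config and checks each name against /proc/modules. The function names, the demo/live arguments and the sample data (including the second module, ip_nat_ftp) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: confirm that every module named in IPTABLES_MODULES is loaded.

# Print the configured modules, one per line.
# $1 = config file (default: the path used in the article)
configured_modules() {
    conf=${1:-/etc/sysconfig/iptables-config}
    # Last uncommented assignment wins; drop the surrounding quotes.
    list=$(sed -n 's/^[[:space:]]*IPTABLES_MODULES=//p' "$conf" | tail -n 1 | tr -d "\"'")
    for m in $list; do
        echo "$m"
    done
}

# Succeed if module $1 is in the kernel's module table.
# $2 = table file (default /proc/modules, the data lsmod prints)
module_loaded() {
    name=$(echo "$1" | sed 's/-/_/g')   # the kernel lists names with underscores
    awk -v m="$name" '$1 == m { found = 1 } END { exit !found }' "${2:-/proc/modules}"
}

# Report each configured module; return 1 if any is not loaded.
check_modules() {
    rc=0
    for mod in $(configured_modules "$1"); do
        if module_loaded "$mod" "$2"; then
            echo "loaded:  $mod"
        else
            echo "MISSING: $mod"
            rc=1
        fi
    done
    return $rc
}

# Run the check on constructed sample data (no root or iptables needed).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# constructed sample' \
        'IPTABLES_MODULES="ip_conntrack_ftp ip_nat_ftp"' > "$d/conf"
    printf '%s\n' 'ip_conntrack_ftp 72689 0 - Live 0xf8a5c000' > "$d/mods"
    check_modules "$d/conf" "$d/mods"
    status=$?
    rm -rf "$d"
    return $status
}

# "demo" uses the sample above; "live" checks this host.
case "${1:-}" in
    demo) demo ;;
    live) check_modules ;;
esac
```

A non-zero exit from the live check means a module listed in the config is absent from the running kernel, which is worth catching before FTP data connections start failing against the ruleset.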

Comments

Al Mazin

December 12, 2006 - 9:08

I have to thank you!
CentOS 4.4 made me a bit crazy with passive FTP problem in iptables
