No, I am using the vanilla iptables package and the iptables script there does an iptables-restore as part of its 'start' functionality. So it needs the modules to be available at that point. I'll look at a patch to fix it. I don't want to use shorewall as I've got a lot of QoS stuff going on in the 'mangle' table, and it's just easier to configure it all manually.

John

On 18/01/17 17:09, kp kirchdoerfer wrote:
> Hi;
>
> I understand you are talking neither about shorewall nor
> /etc/init.d/iptables (start/stop/restart), which seems to work, but plain
> iptables(-restore) binary?
>
> kp
>
> On Wednesday, 18 January 2017, 10:15:03, John Sager wrote:
>> I'm trying to get 6.0.2-rc1 working on a PC Engines apu2c2 but there are
>> problems with loading modules in some cases. I note that the moddb stuff has
>> been removed and all module loading is now done from modules.sqfs mounted
>> to /lib/modules/$KVER. Although this works at early boot time to load
>> modules in /etc/modules it fails later on for iptables-restore and
>> ip6tables-restore. iptables and ip6tables autoload modules as needed for the
>> specific rules required. Although the scripts in /etc/init.d for iptables &
>> ip6tables mount modules.sqfs to load the helper modules in IPTABLES_MODULES
>> they don't for the -restore operation. iptables-restore is effectively just
>> a wrapper round iptables so it autoloads modules in the same way.
>>
>> There are other configuration applications that operate closely with the
>> kernel - e.g. tc - and perhaps some of them also autoload modules as
>> necessary. They will also fail in the absence of a mounted modules.sqfs, as
>> will ad-hoc use of iptables during testing of new configurations in a
>> working environment.
>>
>> For the moment I will solve it by creating a version of /etc/modules from a
>> lsmod listing once everything is running properly but a better solution than
>> that is needed. Are there issues with mounting modules.sqfs permanently?
>> Would mounting /dev/sda1 permanently & readonly interfere with mounting it
>> readwrite temporarily somewhere else to update configdb.lrp?
>>
>> regards,
>>
>> John Sager
>>
>> ------------------------------------------------------------------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>> ------------------------------------------------------------------------
>> leaf-user mailing list: leaf-user@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/leaf-user
>> Support Request -- http://leaf-project.org/
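
An added example, not part of the thread and not LEAF's own init script: a POSIX sh wrapper that makes the module tree available around a command such as iptables-restore, refuses to run the command if the mount fails (so a ruleset is never half-loaded for lack of modules), and leaves a permanent mount alone. The image path, the mount options and the overridable `MOUNT`/`UMOUNT`/`MOUNTS_FILE` variables are assumptions made for illustration.

```shell
#!/bin/sh
# Assumed locations, not taken from the thread; adjust to the real system.
MODULES_IMG="${MODULES_IMG:-/path/to/modules.sqfs}"      # placeholder path
MODULES_DIR="${MODULES_DIR:-/lib/modules/$(uname -r)}"   # /lib/modules/$KVER
MOUNTS_FILE="${MOUNTS_FILE:-/proc/mounts}"
MOUNT="${MOUNT:-mount}"      # overridable so the logic can be tested unprivileged
UMOUNT="${UMOUNT:-umount}"

# Succeeds if $1 is listed as a mount point in the /proc/mounts-format file.
is_mounted() {
    while read -r _dev mnt _rest; do
        [ "$mnt" = "$1" ] && return 0
    done < "$MOUNTS_FILE"
    return 1
}

# Run "$@" with the module tree mounted so the kernel can autoload whatever
# the command needs. Returns the command's exit status.
with_modules() {
    mounted_here=0
    if ! is_mounted "$MODULES_DIR"; then
        # Fail closed: without modules the restore would apply only partly.
        $MOUNT -t squashfs -o ro,loop "$MODULES_IMG" "$MODULES_DIR" || return 1
        mounted_here=1
    fi
    rc=0
    "$@" || rc=$?
    # Unmount only what this call mounted; a permanent mount stays in place.
    if [ "$mounted_here" -eq 1 ]; then
        $UMOUNT "$MODULES_DIR" || true
    fi
    return "$rc"
}

# Typical call from an init script (rules file path is hypothetical):
#   with_modules iptables-restore < /etc/iptables.rules || exit 1
```

The same wrapper covers the other cases raised in the thread, such as tc or ad-hoc iptables commands, since it takes an arbitrary command.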