Re: FC6: Where is ip_conntrack_ftp being loaded from?

----- Original Message ----- From: "John DeDourek" <dedourek@xxxxxx>
The netfilter code in the kernel that actually implements the packet filtering
requires various modules be loaded to perform the tests and actions
required by each of these rules. I believe that the kernel (or the iptables
utility) automatically loads the modules required by each rule when that
rule is handed over to the kernel for incorporation into the netfilter "tables".

Embarrassingly, I found that I was explicitly loading the module ("modprobe ip_conntrack_ftp") with my self-made iptables bash script. For a moment my thinking was like yours. I got to wondering: if I only make some UDP iptables rules for SIP phone devices, then how would ip_conntrack_sip load up all by itself? By port number? I was thinking that ip_conntrack_ftp was loading up just because I had port 20 and port 21 open... duh!

No, I don't think that the kernel would ever be smart enough to load an IP module based on TCP/IP port number, because ports can be easily redefined. However, kernels are able to autoload device driver modules because they know more about what modules belong to which major/minor number device files.

-eric
