Gentoo Forums
iptables, modules and hotplugging
sjod
n00b


Joined: 24 Sep 2002
Posts: 22

Posted: Sat Nov 06, 2004 1:50 am    Post subject: iptables, modules and hotplugging

Hi,

I have a whole stack of routing related modules, ip_conntrack*, ip_nat* and was wondering what the effect of not loading these into the gateway would be.

Is there a way to get hotplugging to load these modules on demand, or am I going to have to load all these on startup (in which case I might as well build them directly into the kernel)?
SoTired
Apprentice


Joined: 19 May 2004
Posts: 174

Posted: Sat Nov 06, 2004 3:35 am

The modules all have specific purposes, so it's hard to say what not loading all of them would do.

If you don't load conntrack, connections won't be tracked anymore, so rules that use the state of the connection (new, related, established, and what have you) won't work anymore.

NAT provides network address translation; removing that will probably break all of your NAT rules, though I'm not positive about that.

The modules would probably be needed when iptables first loads, hence any dynamic loading of them would be rather pointless.

Compiling into the kernel has advantages and disadvantages - none of the modules are going to increase the size much, and they won't slow anything (well, maybe iptables a bit) down, so there are no real drawbacks to compiling them in (unless kernel size must be kept down). On the other hand, loading them as modules will work fine too.
splooge
l33t


Joined: 30 Aug 2002
Posts: 636

Posted: Sat Nov 06, 2004 3:49 am

iptables will automagically load the modules it needs if they exist. It knows which module to load from the commands you pass to it.

Whether you make modules or compile it into the kernel is personal preference (do you have a need to unload them once loaded?) and won't affect the speed of the system.
_________________
http://get.a.clue.de
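
An added example, not part of the original thread: a shell check that reports, for each of the netfilter modules discussed above, whether it is currently loaded, compiled into the kernel, built as a module but not loaded, or not configured. The function names and the sample data are constructed for illustration; the `CONFIG_IP_NF_*` symbols are the 2.4/2.6-era options that go with the `ip_conntrack*`/`ip_nat*` module names used in this thread.

```shell
#!/bin/sh
# Added example: report whether each netfilter module is loaded, built in,
# modular but not loaded, or not configured at all.
# Args: <file in /proc/modules format> <kernel .config> <module=CONFIG_SYMBOL>...
# Real use: netfilter_status /proc/modules /usr/src/linux/.config ip_conntrack=CONFIG_IP_NF_CONNTRACK
netfilter_status() {
    modules_file=$1; config_file=$2; shift 2
    for pair in "$@"; do
        mod=${pair%%=*}; sym=${pair#*=}
        if grep -q "^${mod} " "$modules_file"; then
            state=loaded            # present in the running kernel as a module
        elif grep -q "^${sym}=y\$" "$config_file"; then
            state=builtin           # compiled in, never appears in /proc/modules
        elif grep -q "^${sym}=m\$" "$config_file"; then
            state=not-loaded        # built as a module, but not loaded right now
        else
            state=unavailable       # not configured in this kernel
        fi
        printf '%s %s\n' "$mod" "$state"
    done
}

# Constructed sample data (not taken from a real gateway).
sample_run() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/modules" <<'EOF'
ipt_state 1664 1 - Live 0xe0a50000
ip_conntrack 40044 1 ipt_state, Live 0xe0a3b000
EOF
    cat > "$dir/config" <<'EOF'
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_CONNTRACK=m
CONFIG_IP_NF_MATCH_STATE=m
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_FTP=m
# CONFIG_IP_NF_IRC is not set
EOF
    netfilter_status "$dir/modules" "$dir/config" \
        ip_tables=CONFIG_IP_NF_IPTABLES ip_conntrack=CONFIG_IP_NF_CONNTRACK \
        ipt_state=CONFIG_IP_NF_MATCH_STATE iptable_nat=CONFIG_IP_NF_NAT \
        ip_conntrack_ftp=CONFIG_IP_NF_FTP ip_conntrack_irc=CONFIG_IP_NF_IRC
    rm -rf "$dir"
}

sample_run
```

Running it once before and once after the firewall script has been applied shows which modules the ruleset actually pulled in.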