IPtables

[tolano]

Hello, I'm installing iptables in the computer and I have a question.
If in the kernel, I config Netfilter Xtables Support as a module, do I have to load it every time I start the computer? Or it's loaded automatically?

Always that I compile something as a module in the kernel means that must be loaded manually in the boot to be able to use it?

If I compile IP tables support (required for filtering/mask/NAT) as a module, and then all the suboptions as a modules (is the only way), does it mean that only loading IP tables suppor will load the sub options (i.e. IP range match support, TOS match support...)

Thank you.

[mikegpitt]

Short anwser, probably yes.

Long anwser: Most people have "loadable module support" enabled in their kernel, which means that if some piece of hardware (via hotplug/coldplug or udev) needs a module, it will be automatically loaded. Also, applications like iptables will load the necessary modules when the application starts.

Of course if you want to verify what modules are loaded then so this:

[runningwithscissors]

Even if you are compiling the stuff as modules, I think you should explicitly load them at boot, since the firewall will be started at boot too, I believe.

It just makes things clearer and easier to manage. Coldplug/Hotplug should be relied on for modules that you need but not too frequently. Essential modules, I think, should be loaded explicitly.

[tolano]

How can I set wich modules should be loaded with ColdPlug/Hotplug and which not?
I'll do it manually anyway, but just to know.
Thank you.