[Firehol-devs] [Firehol-support] FireHOL to be released

Costa Tsaousis costa at tsaousis.gr
Sun May 6 17:03:42 CEST 2007


Jeff,

1. Detection of kernel options

In version 1.255 (in the CVS) I have made firehol correctly identify
both ways of kernel options.
This means that if the iptables modules are built into the kernel,
firehol will automatically find it out and will not attempt to load them.

Keep in mind that there is the option FIREHOL_LOAD_KERNEL_MODULES which,
if set to zero in the config file, disables the whole module management
system of firehol.


2. Loading of kernel modules.

It seems that the old way of loading kernel modules still works. For
example:

modprobe ip_conntrack_ftp

loads kernel module nf_conntrack_ftp.
Do you know if this behavior is affected by CONFIG_NF_CONNTRACK_PROC_COMPAT?


3. Kernel options required for FireHOL

I always suggest compiling the entire netfilter family as modules. This
costs nothing (just a little bit of space on disk) and allows firehol to
find what it needs when it is required to do so.

If the user requires a monolithic kernel, then the best way is to build
the entire netfilter family in the kernel.


Costa
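
An added example, not part of the original message and not FireHOL's own code: one way a script can tell a built-in netfilter feature from a modular one by reading a kernel config file, and skip loading when FIREHOL_LOAD_KERNEL_MODULES is zero. The function names, the sample config and the way the variable is consulted are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; not FireHOL's code. Function names are hypothetical.

# kernel_option_state CONFIG_FILE OPTION -> prints builtin|module|absent
kernel_option_state() {
    cfg=$1 opt=$2
    # Match only an exact "OPTION=y" or "OPTION=m" line, so that
    # "# OPTION is not set" and longer names sharing the prefix do not match.
    val=$(sed -n "s/^${opt}=\([ym]\)\$/\1/p" "$cfg" | head -n 1)
    case $val in
        y) echo builtin ;;
        m) echo module ;;
        *) echo absent ;;
    esac
}

# module_action CONFIG_FILE OPTION MODULE -> prints what a loader should do
module_action() {
    # Assumption: a value of 0 switches off all module handling.
    if [ "${FIREHOL_LOAD_KERNEL_MODULES:-1}" = 0 ]; then
        echo "disabled $3"
        return 0
    fi
    case $(kernel_option_state "$1" "$2") in
        builtin) echo "skip $3 (built in)" ;;
        module)  echo "modprobe $3" ;;
        *)       echo "unavailable $3" ;;
    esac
}

# Constructed sample config (not taken from a real kernel build).
sample_config() {
    cat <<'EOF'
CONFIG_NF_CONNTRACK=y
CONFIG_NF_CONNTRACK_FTP=m
# CONFIG_NF_CONNTRACK_IRC is not set
EOF
}

# Demo: print the decision for each sample option.
demo_cfg=$(mktemp) && sample_config > "$demo_cfg"
module_action "$demo_cfg" CONFIG_NF_CONNTRACK nf_conntrack
module_action "$demo_cfg" CONFIG_NF_CONNTRACK_FTP nf_conntrack_ftp
module_action "$demo_cfg" CONFIG_NF_CONNTRACK_IRC nf_conntrack_irc
rm -f "$demo_cfg"
```

On a running system the config is usually at /boot/config-$(uname -r) or, when the kernel exposes it, /proc/config.gz (decompress it first).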




