[Firehol-support] About save and iptables restore

Costa Tsaousis costa at tsaousis.gr
Fri Jul 20 22:21:47 BST 2007


Mirko Buffoni wrote:
> I tried to restore a previously saved iptables config, and suddenly, after
> a reboot, ftp for passive mode didn't work anymore. I understand it is due
> to the fact that the kernel hasn't loaded the ip_nat_ftp and ip_conntrack_ftp
> modules.
>
> Would you think it would be possible to save all the modules required by
> firehol in the iptables config file (i.e. as a comment in the second line,
> like this
>
> # insmod: ip_nat_ftp ip_conntrack_ftp ...
>
> since now it's firehol itself that generates the iptables save script, it
> could handle this as well)
>
> so that a simple function in the iptables init script, which checks for the
> presence of "# insmod:" and loops through the modules to preload them, could
> solve the problem with kernel module preloading?
>
FireHOL v1.258, when saving the iptables firewall with iptables-save, also
creates the script /var/spool/firehol/last_save_modules.sh, which is already
executable and can be run to restore the required kernel modules. Just run it
from rc.local or any other convenient boot script, according to your
distribution.

The script /var/spool/firehol/last_save_modules.sh is created even if no
modules are required (but only when the iptables 'save' is made by firehol).

Costa
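The init-script idea from the quoted proposal, reading a "# insmod:" comment line out of the saved dump and preloading the listed modules before iptables-restore runs, written out as an added shell example. This is not FireHOL's code or the list's own; the marker format, the function names and the sample dump are assumptions.

```shell
#!/bin/sh
# Added example, not FireHOL's own code: implement the "# insmod:" comment idea
# from the thread. A boot script reads the saved iptables dump, pulls the module
# names off every "# insmod:" line and preloads them before iptables-restore.
# The marker format and the function names are assumptions.

# Print the module names from all "# insmod:" comment lines in the dump, one per
# line, without duplicates. Only lines starting with "# insmod:" are read, and
# names are restricted to [A-Za-z0-9_-], so nothing else in the file can reach
# modprobe as an argument.
saved_modules() {
    awk '/^#[[:space:]]*insmod:/ {
             sub(/^#[[:space:]]*insmod:/, "")
             for (i = 1; i <= NF; i++)
                 if ($i ~ /^[A-Za-z0-9_][A-Za-z0-9_-]*$/ && !seen[$i]++) print $i
         }' "$1"
}

# Load every listed module. MODPROBE can be overridden (e.g. MODPROBE=echo) for
# a dry run; the loop keeps going after a failure so iptables-restore can still
# be attempted, and the return code tells the caller whether anything was missed.
preload_modules() {
    rc=0
    for m in $(saved_modules "$1"); do
        ${MODPROBE:-modprobe} "$m" || { echo "preload: failed to load $m" >&2; rc=1; }
    done
    return $rc
}

# Constructed sample dump (not a real FireHOL save file) to exercise the functions.
# The "../not_a_module" token shows the name filter dropping junk.
SAMPLE_DUMP=$(mktemp)
trap 'rm -f "$SAMPLE_DUMP"' EXIT
cat >"$SAMPLE_DUMP" <<'EOF'
# Generated by iptables-save v1.3.8 on Fri Jul 20 22:21:47 2007
# insmod: ip_nat_ftp ip_conntrack_ftp
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# insmod: ip_conntrack_ftp ../not_a_module ip_nat_irc
COMMIT
EOF

# Dry run: print what would be loaded. In a real init script leave MODPROBE
# unset and follow with: iptables-restore < "$SAMPLE_DUMP"
MODPROBE="echo modprobe"
preload_modules "$SAMPLE_DUMP"
```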
