On Tue Oct 29 2002 at 15:24, "jdow" wrote:

> From: <[EMAIL PROTECTED]>

> > =>now that i think about it, doesn't "service iptables start"
> > =>automatically load ip_tables anyway?

Yes, but...

> > I'd be careful here. If you load iptables then that's all you get. You
> > really want to explicitly load any additional other modules you might need
> > for what you're doing. e.g., If you allow any ftp traffic then you
> > probably want to load ip_conntrack and ip_conntrack_ftp.

True.

> Loading specific modules you need is best done with your script in
> /etc/sysconfig/iptables or the one you run out of /etc/ppp/ip-up.local
> if you have a dynamic ppp type connection.

There is a *much* better way to automatically have all the modules
you want loaded along with ip_tables.

As an example, do something like this in /etc/modules.conf...

alias   ipchains        off
alias   ipfwadm         off
add above ip_tables     iptable_filter iptable_mangle iptable_nat ip_conntrack ipt_state ipt_unclean ipt_LOG ipt_limit
add above ip_conntrack  ip_conntrack_ftp ip_conntrack_irc
add above iptable_nat   ipt_MASQUERADE ip_nat_ftp

It works _really_ well...  hey look ma, no hands!  :-)

(btw, it doesn't need to be as complicated as this example)

> {^_^}

Cheers
Tony
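
An added example, not part of the original message: a small Python check that reads modules.conf text and reports which modules a ruleset depends on would not be pulled in when ip_tables is loaded. It assumes modprobe follows "above" lists recursively, as the example in the message implies; the function names and the list of required modules are hypothetical.

```python
from collections import defaultdict

# Constructed sample: the modules.conf lines from the message above.
SAMPLE_CONF = """\
alias   ipchains        off
alias   ipfwadm         off
add above ip_tables     iptable_filter iptable_mangle iptable_nat ip_conntrack ipt_state ipt_unclean ipt_LOG ipt_limit
add above ip_conntrack  ip_conntrack_ftp ip_conntrack_irc
add above iptable_nat   ipt_MASQUERADE ip_nat_ftp
"""

def parse_conf(text):
    """Return (above, disabled): 'above' lists per module, and aliases set to off."""
    above, disabled = defaultdict(list), set()
    text = text.replace("\\\n", " ")      # a trailing backslash continues a line
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()
        add = words[:1] == ["add"]        # "add" extends a list instead of replacing it
        if add:
            words = words[1:]
        if len(words) >= 3 and words[0] == "above":
            if not add:
                above[words[1]] = []
            above[words[1]].extend(words[2:])
        elif len(words) == 3 and words[0] == "alias" and words[2] == "off":
            disabled.add(words[1])
    return above, disabled

def pulled_in(above, root):
    """Modules loaded on top of 'root', following 'above' lists recursively."""
    seen, stack = [], [root]
    while stack:
        mod = stack.pop()
        for extra in above.get(mod, []):
            if extra not in seen and extra != root:
                seen.append(extra)
                stack.append(extra)
    return seen

def missing_helpers(text, required, root="ip_tables"):
    """Required modules that loading 'root' would not pull in, or that are aliased off."""
    above, disabled = parse_conf(text)
    loaded = set(pulled_in(above, root)) | {root}
    return sorted(m for m in required if m not in loaded or m in disabled)

if __name__ == "__main__":
    # Hypothetical requirement: a ruleset that allows FTP through NAT.
    print(missing_helpers(SAMPLE_CONF, ["ip_conntrack_ftp", "ip_nat_ftp"]))
```

Running the same check against the live /etc/modules.conf before restarting the firewall shows whether a conntrack or NAT helper a rule depends on has been left out of the "above" lists.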



