using insmod (iptables)

Posted on 2004-11-02
Last Modified: 2012-06-21
Hi there,

I have an iptables running as gateway firewall. Currently when I reload my firewall after editing the rules I get the following messages about modules already existing. How can I clean my bash script to check whether a module has already been loaded before loading it?

#/etc/rc.d/rc.firewall reload

Using /lib/modules/2.4.20-13.7custom/kernel/net/ipv4/netfilter/ip_tables.o
insmod: a module named ip_tables already exists
Using /lib/modules/2.4.20-13.7custom/kernel/net/ipv4/netfilter/ip_conntrack.o
insmod: a module named ip_conntrack already exists
Using /lib/modules/2.4.20-13.7custom/kernel/net/ipv4/netfilter/ip_conntrack_ftp.o
insmod: a module named ip_conntrack_ftp already exists



Question by:jjbarnsley
    LVL 38

    Expert Comment


    What kind of Linux do you have? SuSE or RedHat?

    If you use RedHat, then

    1. After configuring to your likes with Firestarter, run
     /etc/init.d/iptables save
    to save the configuration.

    2. The stock system has both ipchains and iptables enabled, and for some unknown reason, tries to bring
     up ipchains first.  If it succeeds, then iptables is locked out, because they are mutually exclusive. So run:
    # chkconfig --level 2345 ipchains off
    # /etc/init.d/ipchains stop

    3. # /etc/init.d/iptables start

    LVL 5

    Accepted Solution

    You could clean your script, or you could just ignore the warnings. The module won't be loaded a second time, so there shouldn't be any risk.

    Just find the insmod or modprobe lines in the shell script and append > /dev/null 2>&1 to the end of each line. For instance, if you were doing
    insmod foo
    change this to
    insmod foo > /dev/null 2>&1

    Your other option would be something like
    # Match the module name only at the start of an lsmod line (the module is ip_tables)
    TABLES=`/sbin/lsmod | grep -w '^ip_tables'`
    CONNTRACK=`/sbin/lsmod | grep -w '^ip_conntrack'`
    CONNTRACK_FTP=`/sbin/lsmod | grep -w '^ip_conntrack_ftp'`
    # Load each module only when its lsmod lookup came back empty
    if [ x"${TABLES}" = x ]; then /sbin/modprobe ip_tables; fi
    if [ x"${CONNTRACK}" = x ]; then /sbin/modprobe ip_conntrack; fi
    if [ x"${CONNTRACK_FTP}" = x ]; then /sbin/modprobe ip_conntrack_ftp; fi

    Personally, I'd just pipe them off to /dev/null :D
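
One way to write the "check before loading" option from the answer above, added here as an example and not part of any post in the thread: it compares the module name exactly against the first field of /proc/modules and reports a failed load instead of discarding it. `MODULES_FILE`, `LOADER`, the function names and the sample module list are assumptions chosen so it can be dry-run without root.

```shell
#!/bin/sh
# Added example: load a netfilter module only when the kernel does not
# already list it, and surface genuine load failures.

# Hypothetical knobs; these defaults are what a real rc.firewall would use.
MODULES_FILE="${MODULES_FILE:-/proc/modules}"
LOADER="${LOADER:-/sbin/modprobe}"

# True only if $1 equals the first field of some line, so a name that is a
# prefix of another module, or that appears only in the dependency column,
# does not count as loaded.
module_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' "$MODULES_FILE"
}

# Prints what happened; returns non-zero if the loader itself fails.
ensure_module() {
    if module_loaded "$1"; then
        echo "$1: already loaded"
    elif "$LOADER" "$1"; then
        echo "$1: loaded"
    else
        echo "$1: FAILED to load" >&2
        return 1
    fi
}

# Dry run on a constructed sample in 2.4-style /proc/modules layout.
# Drop this section (and keep the defaults above) in a real script.
MODULES_FILE=$(mktemp)
cat > "$MODULES_FILE" <<'EOF'
ipt_state 1080 3 (autoclean)
ip_conntrack 27272 1 (autoclean) [ipt_state]
ip_tables 15096 2 [ipt_state]
EOF
LOADER=true   # stand-in for modprobe: always "succeeds", loads nothing

for m in ip_tables ip_conntrack ip_conntrack_ftp; do
    ensure_module "$m"
done
```

Because load failures go to stderr with a non-zero return, the firewall script can stop before applying rules that depend on a module that is missing.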
    LVL 5

    Expert Comment

    You shouldn't need to use insmod anyway; the iptables modules are autoloading, are they not?
