

using insmod (iptables)

Posted on 2004-11-02
Medium Priority
Last Modified: 2012-06-21
Hi there,

I have iptables running as a gateway firewall. Currently, when I reload my firewall after editing the rules, I get the following messages about modules already existing. How can I clean up my bash script to check whether a module has already been loaded before loading it?

#/etc/rc.d/rc.firewall reload

Using /lib/modules/2.4.20-13.7custom/kernel/net/ipv4/netfilter/ip_tables.o
insmod: a module named ip_tables already exists
Using /lib/modules/2.4.20-13.7custom/kernel/net/ipv4/netfilter/ip_conntrack.o
insmod: a module named ip_conntrack already exists
Using /lib/modules/2.4.20-13.7custom/kernel/net/ipv4/netfilter/ip_conntrack_ftp.o
insmod: a module named ip_conntrack_ftp already exists



Question by:jjbarnsley
LVL 38

Expert Comment

ID: 12479506

What kind of Linux do you have? SuSE or RedHat?

If you use RedHat, then

1. After configuring to your liking with Firestarter, run
 /etc/init.d/iptables save
to save the configuration.

2. The stock system has both ipchains and iptables enabled and, for some unknown reason, tries to bring up ipchains first. If it succeeds, then iptables is locked out, because they are mutually exclusive. So run:
# chkconfig --level 2345 ipchains off
# /etc/init.d/ipchains stop

3. # /etc/init.d/iptables start


Accepted Solution

Anonymouslemming earned 1500 total points
ID: 12487870
You could clean your script, or you could just ignore the warnings. The module won't be loaded a second time, so there shouldn't be any risk.

Just find the insmod or modprobe lines in the shell script and append > /dev/null 2>&1 to the end of each line. For instance, if you were doing
insmod foo
change this to
insmod foo > /dev/null 2>&1

Your other option would be something like
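# Match the module name at the start of the lsmod line, so ip_conntrack is
# still found when ip_conntrack_ftp appears in its "used by" column
TABLES=`/sbin/lsmod | grep '^ip_tables '`
CONNTRACK=`/sbin/lsmod | grep '^ip_conntrack '`
CONNTRACK_FTP=`/sbin/lsmod | grep '^ip_conntrack_ftp '`
# Load each module only when lsmod did not list it
if [ x"${TABLES}" = x ]; then /sbin/modprobe ip_tables; fi
if [ x"${CONNTRACK}" = x ]; then /sbin/modprobe ip_conntrack; fi
if [ x"${CONNTRACK_FTP}" = x ]; then /sbin/modprobe ip_conntrack_ftp; fi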

Personally, I'd just pipe them off to /dev/null :D
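
The check-before-load approach from the answer above, as an added example that is not part of the original answer or of the poster's rc.firewall script. It compares the module name against the first column of the lsmod listing exactly and passes the loader's exit status back, so a module that genuinely fails to load stops the reload instead of being discarded. MODLIST_CMD, LOADER and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: load a netfilter module only when it is not already present.
# MODLIST_CMD and LOADER are hypothetical hooks so the logic can be exercised
# without root; by default they are the real lsmod and modprobe.
MODLIST_CMD=${MODLIST_CMD:-/sbin/lsmod}
LOADER=${LOADER:-/sbin/modprobe}

# Succeeds only if the first column of the module list equals $1 exactly.
# "ip_conntrack" therefore does not match the "ip_conntrack_ftp" row, and a
# row that only mentions the name in its "Used by" column is ignored.
module_loaded() {
    $MODLIST_CMD | awk -v m="$1" '$1 == m { found = 1 } END { exit !found }'
}

# Loads $1 if it is absent. Returns 0 when nothing needed doing or the load
# worked, and the loader's non-zero status when the load failed.
load_once() {
    if module_loaded "$1"; then
        return 0
    fi
    $LOADER "$1"
}

# Loads every module named in the arguments and stops at the first failure,
# so the caller can refuse to apply rules that depend on a missing module.
load_firewall_modules() {
    for mod in "$@"; do
        load_once "$mod" || { echo "failed to load $mod" >&2; return 1; }
    done
}

# Usage inside a firewall script (module names taken from the question):
#   load_firewall_modules ip_tables ip_conntrack ip_conntrack_ftp || exit 1
```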

Expert Comment

ID: 12495533
You shouldn't need to use insmod anyway; the iptables modules are autoloading, are they not?
