using insmod (iptables)

Hi there,

I have iptables running as a gateway firewall. Currently, when I reload my firewall after editing the rules, I get the following messages about modules already existing. How can I clean up my bash script to check whether a module has already been loaded before loading it?

#/etc/rc.d/rc.firewall reload

Using /lib/modules/2.4.20-13.7custom/kernel/net/ipv4/netfilter/ip_tables.o
insmod: a module named ip_tables already exists
Using /lib/modules/2.4.20-13.7custom/kernel/net/ipv4/netfilter/ip_conntrack.o
insmod: a module named ip_conntrack already exists
Using /lib/modules/2.4.20-13.7custom/kernel/net/ipv4/netfilter/ip_conntrack_ftp.o
insmod: a module named ip_conntrack_ftp already exists

thanks,

John

jjbarnsley Asked:

wesly_chen Commented:
Hi,

   What kind of Linux do you have? SuSE or RedHat?

If you use RedHat, then

1. After configuring to your liking with Firestarter, run
 /etc/init.d/iptables save
to save the configuration.

2. The stock system has both ipchains and iptables enabled and, for some unknown reason, tries to bring up ipchains first. If it succeeds, then iptables is locked out, because they are mutually exclusive. So run:
# chkconfig --level 2345 ipchains off
# /etc/init.d/ipchains stop

3. # /etc/init.d/iptables start

Wesly
0
Anonymouslemming Commented:
You could clean your script, or you could just ignore the warnings. The module won't be loaded a second time, so there shouldn't be any risk.

Just find the insmod or modprobe lines in the shell script and append > /dev/null 2>&1 to the end of each line. For instance, if you were doing
insmod foo
change this to
insmod foo > /dev/null 2>&1

Your other option would be something like
# lsmod prints the module name in the first column; anchor on it so that
# ip_conntrack is not confused with ip_conntrack_ftp
TABLES=`/sbin/lsmod | grep '^ip_tables '`
CONNTRACK=`/sbin/lsmod | grep '^ip_conntrack '`
CONNTRACK_FTP=`/sbin/lsmod | grep '^ip_conntrack_ftp '`
# An empty variable means the module is not loaded yet
if [ x"${TABLES}" = x ]; then /sbin/modprobe ip_tables; fi
if [ x"${CONNTRACK}" = x ]; then /sbin/modprobe ip_conntrack; fi
if [ x"${CONNTRACK_FTP}" = x ]; then /sbin/modprobe ip_conntrack_ftp; fi

Personally, I'd just pipe them off to /dev/null :D
0
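
One way to combine the two options above so that only the harmless "already exists" case is silenced while a genuine load failure on the gateway still shows up. This is an added example, not code from any poster in this thread; the function names and the MODULES_FILE and LOADER overrides are hypothetical, and it reads /proc/modules instead of parsing lsmod output:

```shell
#!/bin/sh
# Added example: load netfilter modules only when absent, keep real errors visible.
# MODULES_FILE and LOADER are hypothetical override knobs so the logic can be
# exercised without root; on a real gateway the defaults apply.
MODULES_FILE="${MODULES_FILE:-/proc/modules}"
LOADER="${LOADER:-/sbin/modprobe}"

# Return 0 if the exact module name appears in the first column of the listing.
# Exact comparison means ip_conntrack never matches ip_conntrack_ftp.
module_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' "$MODULES_FILE"
}

# Load each named module unless it is already present.
# Returns the number of modules that genuinely failed to load.
ensure_modules() {
    failed=0
    for mod in "$@"; do
        if module_loaded "$mod"; then
            continue    # already loaded: nothing to do, nothing to print
        fi
        if ! $LOADER "$mod"; then
            # A missing conntrack helper changes firewall behaviour, so say so.
            echo "rc.firewall: failed to load $mod" >&2
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}

# Typical call near the top of the firewall script:
#   ensure_modules ip_tables ip_conntrack ip_conntrack_ftp || exit 1
```

Unlike redirecting everything to /dev/null, this keeps the reload quiet when the modules are already present but still stops the script if one of them cannot be loaded at all.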

paranoidcookie Commented:
You shouldn't need to use insmod anyway; the iptables modules are autoloading, are they not?
0

Question has a verified solution.
