FC6: Where is ip_conntrack_ftp being loaded from?
Eric Wood
eric at interplas.com
Thu Apr 5 01:39:03 UTC 2007
----- Original Message -----
From: "John DeDourek" <dedourek at unb.ca>
> The netfilter code in the kernel that actually implements the packet
> filtering requires various modules be loaded to perform the tests and
> actions required by each of these rules. I believe that the kernel (or
> the iptables utility) automatically loads the modules required by each
> rule when that rule is handed over to the kernel for incorporation into
> the netfilter "tables".

Embarrassingly, I found that I was explicitly loading the module with
"modprobe ip_conntrack_ftp" in my self-made iptables bash script. For a
moment my thinking was like yours. I got to wondering that if I only make
some udp iptables rules for sip phone devices, then how would
ip_conntrack_sip load up all by itself? By port number? I was thinking that
ip_conntrack_ftp was loading up just because I had port 20 and port 21
open.... duh!

No, I don't think that the kernel would ever be smart enough to load an ip
module based on TCP/IP port number because ports can be easily redefined.
However, kernels are able to autoload device driver modules because they
know more about what modules belong to which major/minor number device
files.

-eric
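
An added example, not part of the original post: a small shell function that answers the question in the subject line by searching scripts and config files for explicit loads of a netfilter helper module. The names `find_module_loaders` and `demo`, the sample files, and the `IPTABLES_MODULES=` pattern (assumed to be the Fedora-style setting in /etc/sysconfig/iptables-config) are assumptions for illustration.

```shell
#!/bin/sh
# find_module_loaders MODULE PATH...
# Print "file:line:text" for every line under the given files or directories
# that loads MODULE explicitly: a modprobe/insmod command, or an
# IPTABLES_MODULES="..." assignment. Commented-out lines are skipped.
find_module_loaders() {
    mod=$1; shift
    # Module names are written with '-' and '_' interchangeably.
    pat=$(printf '%s' "$mod" | sed 's/[-_]/[-_]/g')
    grep -rnHE "(modprobe|insmod|IPTABLES_MODULES=).*(^|[^[:alnum:]_-])${pat}([^[:alnum:]_-]|\$)" "$@" 2>/dev/null |
        grep -vE '^[^:]*:[0-9]+:[[:space:]]*#' || true
}

# Constructed sample files (not from the post): a hand-written firewall
# script and a config file that both name the FTP helper.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' '#!/bin/bash' \
        '# modprobe ip_conntrack_sip' \
        'modprobe ip_conntrack_ftp' \
        'iptables -A INPUT -p tcp --dport 21 -j ACCEPT' > "$dir/firewall.sh"
    printf '%s\n' \
        'IPTABLES_MODULES="ip_conntrack_netbios_ns ip-conntrack-ftp"' \
        > "$dir/iptables-config"
    # Strip the temporary directory prefix so the output is stable.
    find_module_loaders "$1" "$dir" | sed "s|^$dir/||"
    rm -rf "$dir"
}

demo ip_conntrack_ftp
```

On a real host, point it at wherever local firewall scripts live, for example `find_module_loaders ip_conntrack_ftp /etc/sysconfig /etc/rc.d`, and compare the result with `lsmod` to confirm that every loaded helper is one you intended to load.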