Re: iptables with no module support?
On Wednesday 23 April 2003 07:17 am, David Ramsden wrote:

> I'm building a 'secure' server.
> I downloaded the 2.4.20 kernel source from kernel.org and patched with
> grsecurity (latest patch).
> I also disabled loadable modules or any module support in the kernel for
> added security - So everything is compiled in to the kernel.

grsecurity - good. You should know that the actual benefit of not allowing
modules is highly questionable, since there are other means of inserting
kernel code.

> However, iptables won't work, saying it can't initialise iptables table
> 'filter' and saying "do you need to insmod?".
> So does iptables require module support? I don't want to use modules
> though! :-)
> Surely the Netfilter people would have thought of this?

iptables works fine compiled. You managed to avoid compiling in the actual
iptables code when you built your kernel. Make sure you're defining
CONFIG_IP_NF_IPTABLES and any related options you want, in your kernel
configuration.

- Keegan
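
A way to check a kernel `.config` for the situation described in this reply, added here as an example and not part of the original message. CONFIG_NETFILTER and CONFIG_IP_NF_FILTER (the 2.4 options for the netfilter core and the 'filter' table) are assumed as the "related options"; the function names and the sample `.config` are constructed for illustration.

```shell
#!/bin/sh
# Added example: report how the netfilter options are set in a kernel .config.

# option_state CONFIG_FILE OPTION -> prints builtin | module | unset
option_state() {
    if grep -q "^$2=y\$" "$1"; then
        echo builtin
    elif grep -q "^$2=m\$" "$1"; then
        echo module
    else
        echo unset
    fi
}

# check_iptables_config CONFIG_FILE
# Returns 0 only when every listed option is compiled in (=y).
check_iptables_config() {
    cfg=$1; rc=0
    modules=$(option_state "$cfg" CONFIG_MODULES)
    for opt in CONFIG_NETFILTER CONFIG_IP_NF_IPTABLES CONFIG_IP_NF_FILTER; do
        state=$(option_state "$cfg" "$opt")
        case "$state" in
            builtin) echo "ok      $opt is built in" ;;
            module)
                if [ "$modules" = builtin ]; then
                    echo "module  $opt must be loaded before iptables can use it"
                else
                    echo "FAIL    $opt=m but CONFIG_MODULES is off"
                fi
                rc=1 ;;
            unset) echo "FAIL    $opt is not set"; rc=1 ;;
        esac
    done
    return $rc
}

# write_sample_config PATH: constructed .config matching the case in the thread
write_sample_config() {
    cat > "$1" <<'EOF'
# CONFIG_MODULES is not set
CONFIG_NETFILTER=y
# CONFIG_IP_NF_IPTABLES is not set
EOF
}

sample=$(mktemp)
write_sample_config "$sample"
check_iptables_config "$sample" || echo "iptables cannot initialise its tables on this kernel"
rm -f "$sample"
```
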