
Re: How-to modify /etc/init.d/networking for stopping IPTables?



On January 7, 2002 01:28 am, Michael Wood wrote:
> You may be trying to rmmod the ip_tables module without first
> rmmodding the modules that are using it.
>
> e.g. if I lsmod, I get this:
> [...]
> iptable_nat            14292   0 (autoclean) (unused)
> ip_conntrack           13548   1 (autoclean) [iptable_nat]
> ip_tables              10304   3 [iptable_nat]
> [...]
>
> which means that iptable_nat is using both ip_conntrack and
> ip_tables modules, so you should first rmmod iptable_nat and
> then the other two.
>
> i.e. first "iptables -F" then "iptables -X" then "rmmod
> iptable_nat; rmmod ip_conntrack; rmmod ip_tables"
>
> That should do it.

thks...

On January 7, 2002 02:12 am, Tzafrir Cohen wrote:
>
> But in what way does it "relieve" your system?
>
> The memory overhead is negligible, and I believe that the performance
> overhead is negligible with all the rules flushed (you're welcome to test
> this, of course).
>
> Will your system be running much of the time with iptables disabled?

I want to remove all IPtables modules for when I switch runlevels. So when I 
jump into single user mode my system is clean :-D But then again, the kernel 
has the IPTables modules in the autoclean state, meaning that they will be 
removed from memory when not used right? Perhaps I'm scripting for no 
reason....

For now, I'll have my rules reset and then re-run from my ip_tables firewall 
script. That way the script always starts from a known state.

Thanks for all your help guys.

Stef
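
The unload ordering described in the quoted lsmod explanation, as an added example that is not part of the original messages: it reads lsmod text in the 2.4-kernel format shown above (users listed in square brackets) and prints a safe rmmod order. The function name rmmod_order and the SAMPLE_LSMOD variable are hypothetical, and the sample is constructed from the three lines quoted in the thread.

```shell
#!/bin/sh
# Constructed sample: the three lsmod lines quoted in the thread.
SAMPLE_LSMOD='iptable_nat            14292   0 (autoclean) (unused)
ip_conntrack           13548   1 (autoclean) [iptable_nat]
ip_tables              10304   3 [iptable_nat]'

# rmmod_order MODULE...
# Reads lsmod output on stdin and prints the named modules plus every module
# that uses them, one per line, with users listed before the modules they use.
# Modules that are not loaded are skipped.
rmmod_order() {
    awk -v targets="$*" '
    # Depth-first walk: emit everything that uses m, then m itself.
    function visit(m,    n, i, u) {
        if (seen[m]++) return              # already handled (also stops cycles)
        n = split(users[m], u, " ")
        for (i = 1; i <= n; i++) visit(u[i])
        if (m in loaded) print m
    }
    {
        loaded[$1] = 1
        s = index($0, "["); e = index($0, "]")
        if (s && e > s)                    # text between [ and ] = using modules
            users[$1] = substr($0, s + 1, e - s - 1)
    }
    END {
        n = split(targets, t, " ")
        for (i = 1; i <= n; i++) visit(t[i])
    }'
}

# Typical use in a stop script, after "iptables -F" and "iptables -X":
#   for m in $(lsmod | rmmod_order ip_tables ip_conntrack); do rmmod "$m"; done
```
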


