
Re: iptables with no module support?



On Wednesday 23 April 2003 07:17 am, David Ramsden wrote:
> I'm building a 'secure' server.
> I downloaded the 2.4.20 kernel source from kernel.org and patched with
> grsecurity (latest patch).
> I also disabled loadable modules or any module support in the kernel for
> added security - So everything is compiled in to the kernel.

grsecurity - good.  You should know that the actual benefit of not allowing 
modules is highly questionable, since there are other means of inserting 
kernel code.

> However, iptables won't work, saying it can't initialise iptables table
> 'filter' and saying "do you need to insmod?".
> So does iptables require module support? I don't want to use modules
> though! :-)
> Surely the Netfilter people would have thought of this?

iptables works fine compiled.  You managed to avoid compiling in the actual 
iptables code when you built your kernel.  Make sure you're defining 
CONFIG_IP_NF_IPTABLES and any related options you want, in your kernel 
configuration.

 - Keegan
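
A check for the situation described in this thread, as an added example that is not part of the original message: it reads a kernel .config and reports whether the netfilter options are built in (=y) rather than modular or unset. Only CONFIG_IP_NF_IPTABLES is named in the message; CONFIG_NETFILTER and CONFIG_IP_NF_FILTER are assumed here to be the "related options" for the 'filter' table, and the sample config is constructed.

```shell
#!/bin/sh
# Added example: verify that iptables support is compiled into the kernel.

# opt_state <config-file> <OPTION>  -> prints y, m, or unset
opt_state() {
    val=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | head -n 1)
    echo "${val:-unset}"
}

# check_builtin_iptables <config-file>  -> returns 0 only if every option is =y
check_builtin_iptables() {
    cfg=$1
    problems=0
    # Option list is an assumption (see lead-in); extend it with the matches
    # and targets your ruleset uses.
    for opt in CONFIG_NETFILTER CONFIG_IP_NF_IPTABLES CONFIG_IP_NF_FILTER; do
        state=$(opt_state "$cfg" "$opt")
        case $state in
            y) echo "ok      $opt=y" ;;
            m) echo "MODULE  $opt=m (needs a loadable module)"
               problems=$((problems + 1)) ;;
            *) echo "MISSING $opt is not set"
               problems=$((problems + 1)) ;;
        esac
    done
    # With module support disabled, nothing can be loaded after boot.
    if [ "$(opt_state "$cfg" CONFIG_MODULES)" = unset ]; then
        echo "note    CONFIG_MODULES is off: every option above must be =y"
    fi
    [ "$problems" -eq 0 ]
}

# Constructed sample: a module-less kernel config that left iptables out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# CONFIG_MODULES is not set
CONFIG_NETFILTER=y
# CONFIG_IP_NF_IPTABLES is not set
EOF
check_builtin_iptables "$sample" ||
    echo "result: iptables cannot initialise table 'filter' on this kernel"
rm -f "$sample"
```

Point the function at the .config in the kernel source tree before rebuilding.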


