solicards.blogg.se - Locad ipset at startup

Jun 25 20:06:33 madeleine kernel: All bugs added by David S. Jun 25 20:06:33 madeleine kernel: 802.1Q VLAN Support v1.8 Ben Greear Jun 25 20:06:33 madeleine kernel: ADDRCONF(NETDEV_CHANGE): eth2: link becomes ready Jun 25 20:06:33 madeleine kernel: ADDRCONF(NETDEV_UP): eth2: link is not ready Jun 25 20:06:33 madeleine kernel: ADDRCONF(NETDEV_CHANGE): eth1: link becomes ready Jun 25 20:06:33 madeleine kernel: ADDRCONF(NETDEV_UP): eth1: link is not ready Jun 25 20:06:33 madeleine kernel: lo: Disabled Privacy Extensions Jun 25 20:06:33 madeleine kernel: NET: Registered protocol family 10 Jun 25 20:06:33 madeleine kernel: EXT4-fs (md3): mounted filesystem with ordered data mode. Jun 25 20:06:33 madeleine kernel: EXT4-fs (md4): mounted filesystem with ordered data mode. Jun 25 20:06:33 madeleine kernel: EXT4-fs (md0): mounted filesystem with ordered data mode. Jun 25 20:06:33 madeleine kernel: ip_set: protocol 6 Jun 25 20:06:33 madeleine kernel: Netfilter messages via NETLINK v0.30. This will be loaded by /etc/rc.d/rc.sysinit before iptables starts, as shown by this snippet from /var/log/messages It works so why bother with something else, but I am a bit of a purist and also like to increase my knowledge.įound a much more 'elegant' method to fix this that will survive rpm updates.Ĭreate a file as shown here and make ~]# cat /etc/sysconfig/modules/ipset.modules You can test for it having loaded before trying to load it with a: if thenīut it seems wrong having to do this. This suggest to me that you have to modprobe it from /etc/rc.local but then there is no guarantee of it loading before the firewall, or loading it from /etc/clearos/firewall.d/local so it loads when the firewall loads, but this seems wrong as it will try to load it every time the firewall restarts.

If you remove the file you can modprobe it successfully. You can reproduce this by removing the module then using "modprobe ip_set -v" while the file etc/modprobe.d/ip_set.conf with a line "install ip_set" in it exists. If you try loading it from there you get a: WARNING: /etc/modprobe.d/ip_set.conf line 1: ignoring bad line starting with 'install' Ages ago I thought I'd be clever and load it from /etc/modprobe.d from a file I called ip_set.conf but it does not work (as I found when I rebooted the machine yesterday). I use ipset for various bits of firewall blocking and have a script which modprobes it if it is not loaded.