I had set the system to load ip_conntrack, ip_conntrack_ftp and ip_nat_ftp in /etc/rc.modules with modprobe commands. This worked ok untill now, but the new iptables package then unloads the modules when it is (re)started, and only looks in /etc/sysconfig/iptables-config for what modules should be restarted. So none would.
I have now added ip_conntrack_ftp and ip_nat_ftp in /etc/sysconfig/iptables-config (and removed them from /etc/rc.modules). The basic ip_conntrack is loaded automatically so I left it out. Now full ftp connection tracking is back :)
This is good to know. However, did you explicitly check whether the modules were or were not loaded after a restart and loading int he rules without changing iptables-config?
That is, the whole purpose of the Fedora Legacy security update _was_ to fix the automatic loading of modules. If this doesn't work... we have a problem.
-- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
-- fedora-legacy-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-legacy-list
