Hi > In iptables, the options --enable-static and --enable-shared are > semantically different from other projects. Thanks for confirming - iptables also helpfully spells exactly this out in the INSTALL doc (+1 for open source documentation!!) >> Additionally, as helpfully pointed out by Jan, a chunk of my problem is >> my static iptables apparently trying to probe a kernel module which >> isn't incorporated into my kernel version. I can't immediately see a >> solution to not uselessly probing for that (without patching iptables)? >> Any ideas? > > I would have said it could be the missing SET module being the cause for > your modprobe time accumulation, but since you also use iptables-restore > that possibility, too, is eliminated. Yes, although these modules are being probed for even on a zero (missing) input to iptables-restore. However, that seems consistent with a v1.4.10 iptables --enable-static based binary? Presumably this just probes everything? (To be clear my test in my previous email was NOT using your git commit to delay mod probing) I will have to retest with your commit and without my hack to see exactly what is still being probed for Thanks Ed W -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html