> -1 to the user for not reading it ;-)

I guess my point wasn't clear - I HAD already read it. Just saying thanks for being very patient with me and assuming otherwise

>> Yes, although these modules are being probed for even on a zero
>> (missing) input to iptables-restore. However, that seems consistent
>> with a v1.4.10 iptables --enable-static based binary? Presumably this
>> just probes everything?
>
> Yes, and that which does not exist in the kernel you pay with a modprobe
> call then. That would not only include SET, but also extensions long
> obsoleted, such as libipt_unclean's counterpart.

Hmm, for the moment I'm happy to simply patch out all modprobe calls in xtables.c, but there may come a time when I need more flexibility. Does anyone care enough about this to consider a more clever solution?

The issue would be that someone might genuinely want to forward/backward port modules between kernel releases, however, perhaps it would be reasonable to offer a compile time option for use with --enable-static which limits compiled in modules to those which match a kernel version?

I can see lots of negatives here - does anyone have a better idea?

Thanks

Ed W

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html