> happen? ie. there should not be any attempted loads of ip_set without
> "iptables -m set" being called (or equivalent).

Actually, are you sure the module is called 'ip_set'?
Kernel iptables match and target extensions are named xt_* or ipt_* or ip6t_*.

If the module is called ip_set and not ipt_set, then maybe we're seeing
some other dependency chain?

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=blob;f=net/netfilter/xt_set.c;h=b3babaed7719b770e02d478091885e7692eac68a;hb=2f666bcf757cb72549f360ef6da02f03620a48b6

contains:

    MODULE_LICENSE("GPL");
    MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>");
    MODULE_DESCRIPTION("Xtables: IP set match and target module");
    MODULE_ALIAS("xt_SET");
    MODULE_ALIAS("ipt_set");
    MODULE_ALIAS("ip6t_set");
    MODULE_ALIAS("ipt_SET");
    MODULE_ALIAS("ip6t_SET");

(plus the name derived from the filename which is 'xt_set')

so I'm guessing your 'ip_set' was simply a typo and should have been 'ipt_set'.

- Maciej
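Added example, not part of the original message or of the kernel or modprobe sources: a small resolver showing which requested names map to xt_set through the aliases quoted above. It assumes the usual modules.alias line format ("alias <pattern> <module>"); the sample table, the module-name set and the function names are constructed for illustration, and bracket patterns are not handled.

```python
import fnmatch

# Constructed sample in modules.alias format ("alias <pattern> <module>").
# The five aliases are the MODULE_ALIAS() lines quoted from xt_set.c above.
SAMPLE_MODULES_ALIAS = """\
# Aliases extracted from modules themselves.
alias xt_SET xt_set
alias ipt_set xt_set
alias ip6t_set xt_set
alias ipt_SET xt_set
alias ip6t_SET xt_set
"""

# Names derived from object file names (constructed: only xt_set is listed).
SAMPLE_MODULE_NAMES = {"xt_set"}


def normalize(name):
    """modprobe treats '-' and '_' in module names as the same character."""
    return name.replace("-", "_")


def parse_aliases(text):
    """Return (pattern, module) pairs from modules.alias-style text."""
    pairs = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 3 and fields[0] == "alias":
            pairs.append((normalize(fields[1]), normalize(fields[2])))
    return pairs


def resolve(request, aliases, module_names):
    """Return the sorted module names that a load request for `request` maps to.

    Aliases are matched case-sensitively as shell-style patterns, so
    'ipt_set' (match) and 'ipt_SET' (target) are separate entries.
    An empty list means nothing in the sample provides that name.
    """
    wanted = normalize(request)
    hits = {mod for pat, mod in aliases if fnmatch.fnmatchcase(wanted, pat)}
    if wanted in module_names:
        hits.add(wanted)
    return sorted(hits)


if __name__ == "__main__":
    table = parse_aliases(SAMPLE_MODULES_ALIAS)
    for req in ("ipt_set", "ip6t_SET", "xt_set", "ip_set"):
        print(req, "->", resolve(req, table, SAMPLE_MODULE_NAMES) or "no match in sample")
```

On a live system, the same question can be asked of the installed alias table with `modprobe --resolve-alias <name>` or `modinfo -F alias xt_set`.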