On Tue, 19 Apr 2011, Maciej Żenczykowski wrote: > > happen? ie. there should not be any attempted loads of ip_set without > > "iptables -m set" being called (or equivalent). > > Actually, are you sure the module is called 'ip_set'? > Kernel iptables match and target extensions are named xt_* or ipt_* or ip6t_*. > If the module is called ip_set and not ipt_set, then maybe we're > seeing some other dependency chain? > > http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=blob;f=net/netfilter/xt_set.c;h=b3babaed7719b770e02d478091885e7692eac68a;hb=2f666bcf757cb72549f360ef6da02f03620a48b6 > > contains: > > 21 MODULE_LICENSE("GPL"); > 22 MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>"); > 23 MODULE_DESCRIPTION("Xtables: IP set match and target module"); > 24 MODULE_ALIAS("xt_SET"); > 25 MODULE_ALIAS("ipt_set"); > 26 MODULE_ALIAS("ip6t_set"); > 27 MODULE_ALIAS("ipt_SET"); > 28 MODULE_ALIAS("ip6t_SET"); > (plus the name derived from the filename which is 'xt_set') > > so I'm guessing your 'ip_set' was simply a typo and should have been 'ipt_set'. The module "ip_set" is loaded in if the "ipset" program is installed and invoked on that system. Best regards, Jozsef - E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxx PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : KFKI Research Institute for Particle and Nuclear Physics H-1525 Budapest 114, POB. 49, Hungary
