On 20/04/2011 08:31, Jozsef Kadlecsik wrote: > The module "ip_set" is loaded in if the "ipset" program is installed and > invoked on that system. Aha, that is almost certainly the cause. As well as kernel, I had updated the software image to include ipset/conntrack and didn't connect the events I see that I obviously haven't built my image correctly and included the ip_set module - apologies to the iptables folks - obviously user error here.. So, in conclusion, with the two patches from Maciej, there is now no modprobe activity in the event of static iptables and kernel with all modules built-in. Perfect Thanks for everyone's interest in this - superb response Ed W -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html