You could try with -M '' (or something like that) if you want to
prevent even xtables from being loaded. Although that will probably
still not prevent iptable_filter from being loaded if ip_tables is
already loaded...

On Thu, May 26, 2011 at 20:28, Eric Dumazet <eric.dumazet@xxxxxxxxx> wrote:
> On Thursday, 26 May 2011 at 18:53 +0200, Patrick McHardy wrote:
>> The netfilter coreteam presents:
>>
>>   iptables version 1.4.10
>>
>> the iptables release for the 2.6.39 kernels. Due to some mistakes
>> on my side we didn't have a release for longer than expected, so
>> this contains a rather large number of changes.
>>
>> Changes include:
>>
>
> ...
>> - a new iptables option "-C" to check for existence of a rule
>
> Nice, but this still loads modules...
>
> # lsmod | grep ipta
> # ./iptables -C INPUT -p tcp
> iptables: Bad rule (does a matching rule exist in that chain?).
> # lsmod | grep ipta
> iptable_filter          1730  0
> ip_tables              15958  1 iptable_filter
> x_tables               22998  3 iptable_filter,ip_tables,xt_tcpudp
>
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html