From mboxrd@z Thu Jan 1 00:00:00 1970 From: Peter =?utf-8?q?M=C3=BCller?= To: development@lists.ipfire.org Subject: Re: [PATCH] firewall: Ensure the xt_geoip module is always loaded Date: Tue, 01 Feb 2022 17:19:20 +0000 Message-ID: <6845b9e9-54ef-5584-f10e-4778f51bde97@ipfire.org> In-Reply-To: <723823EE-B712-4C51-BF85-5DC3059C76C8@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============6510293786821481871==" List-Id: --===============6510293786821481871== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hello Michael, thanks for your reply. I have no idea, but am interested in the root cause of this as well. It only = happens while loading the firewall engine on first boot. On every subsequent boot, ip= tables does not complain. Thanks, and best regards, Peter M=C3=BCller > Hello, >=20 > I would be great to know *why* this is happening. >=20 > iptables should automatically trigger loading the kernel module. >=20 > Did we just forget to run something like depmod -a? >=20 > -Michael >=20 >> On 30 Jan 2022, at 17:08, Peter M=C3=BCller w= rote: >> >> For some reason, this module is not present after the very first boot of >> an IPFire installation. >> >> Fixes: #12767 >> >> Reported-by: Arne Fitzenreiter >> Signed-off-by: Peter M=C3=BCller >> --- >> src/initscripts/system/firewall | 3 +++ >> 1 file changed, 3 insertions(+) >> >> diff --git a/src/initscripts/system/firewall b/src/initscripts/system/fire= wall >> index ebc8168ae..bfab6d538 100644 >> --- a/src/initscripts/system/firewall >> +++ b/src/initscripts/system/firewall >> @@ -39,6 +39,9 @@ iptables_init() { >> iptables -P FORWARD DROP >> iptables -P OUTPUT ACCEPT >> >> + # Ensure the xt_geoip module is always loaded (#12767) >> + modprobe xt_geoip >> + >> # Enable TRACE logging to syslog >> modprobe nf_log_ipv4 >> sysctl -q -w net.netfilter.nf_log.2=3Dnf_log_ipv4 >> --=20 >> 2.31.1 >=20 --===============6510293786821481871==--