在iptables服务开启的状态测试不会出现unknown key的错误,我们尝试关闭
iptables .
[root@DT2MISPDB ~]# service iptables stop
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: nat filter [ OK ]
Unloading iptables modules: [ OK ]
[root@DT2MISPDB ~]#
[root@DT2MISPDB etc]# service iptables status
Firewall is stopped.
[root@DT2MISPDB etc]# sysctl -p
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmall = 2097152
kernel.shmmax = 3221225472
kernel.shmmni = 4096
kernel.sem = 250 32000 100 128
fs.file-max = 6815744
net.ipv4.ip_local_port_range = 9000 65500
net.core.rmem_default = 262144
net.core.rmem_max = 4194304
net.core.wmem_default = 262144
net.core.wmem_max = 1048576
fs.aio-max-nr = 1048576
error:
"net.ipv4.ip_conntrack_max" is an unknown key
[root@DT2MISPDB etc]#
发现错误出现:
error: "net.ipv4.ip_conntrack_max" is an unknown key
使用modprobe载入ip_conntrack模块,lsmod查看模块已载入。
[root@DT2MISPDB etc]# modprobe ip_conntrack
[root@DT2MISPDB etc]# lsmod
Module Size Used by
ip_conntrack 53281 0
再次关闭iptables服务,查看
[root@DT2MISPDB etc]# service iptables stop
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
[root@DT2MISPDB etc]#
[root@DT2MISPDB etc]# lsmod
结果没有发现ip_conntrack 模组。
问题 :
1. Linux下加载及卸载模块是什么意思 ? 这里的模块都是指核心模块 ?
2. 加载 ip_conntrack 模块和 iptables 服务以及 通过service iptables start 有什么关系 ?