kmod-setup: load ip_tables kmod at boot

poettering · poettering · commit 1d3087978a8e · 2015-04-22T13:50:56.000+02:00
The module is currently no auto-loadable (and this is unlikely to change
anytime soon, given it's API is via getsockopt/setsockopt). It is needed
by networkd and nspawn currently.

Users who really don't like the module to be loaded have the option to
blacklist it still, or not compile it at all. But for all others this
should make things work out-of-the-box.
diff --git a/src/core/kmod-setup.c b/src/core/kmod-setup.c
@@ -60,16 +60,19 @@ int kmod_setup(void) {
                 bool (*condition_fn)(void);
         } kmod_table[] = {
                 /* auto-loading on use doesn't work before udev is up */
-                { "autofs4", "/sys/class/misc/autofs", true, NULL                 },
+                { "autofs4",   "/sys/class/misc/autofs",    true,  NULL                },
 
                 /* early configure of ::1 on the loopback device */
-                { "ipv6",    "/sys/module/ipv6",       true, NULL                 },
+                { "ipv6",      "/sys/module/ipv6",          true,  NULL                },
 
                 /* this should never be a module */
-                { "unix",    "/proc/net/unix",         true, NULL                 },
+                { "unix",      "/proc/net/unix",            true,  NULL                },
 
                 /* IPC is needed before we bring up any other services */
-                { "kdbus",   "/sys/fs/kdbus",          false, cmdline_check_kdbus },
+                { "kdbus",     "/sys/fs/kdbus",             false, cmdline_check_kdbus },
+
+                /* netfilter is needed by networkd, nspawn among others, and cannot be autoloaded */
+                { "ip_tables", "/proc/net/ip_tables_names", false, NULL                },
         };
         struct kmod_ctx *ctx = NULL;
         unsigned int i;
