Block a kernel module from being loaded
Hi All,
I have a load balancer with keepalived, which handles a lot of connections. That is why I use a stateless firewall (no connection tracking).
Everything goes well, but by accident I gave the command 'iptables -L -t nat'. Now the modules nf_nat, iptable_nat, nf_conntrack and nf_conntrack_ipv4 were loaded. I didn't see this, so the load balancer suffered high load and nodes were removed from the load balancer.
A Google session came up with /etc/modprobe.d/blacklist.conf, which only prevents modules from being loaded at boot time. Blacklisting the module in /etc/modprobe.d/nf_nat.conf also only prevents the module from being loaded at boot time.
This is not what I seek. I seek a solution which prevents a module from being loaded at all, even if a command like 'iptables -L -t nat' is given.
Does anyone know a solution?
---
Enrico
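One way to get what this post asks for, as an added example that is not from the post or its author: modprobe's `install` directive makes every on-demand load of the named module fail, whereas `blacklist` only suppresses alias-based autoloading, which is why it did not stop `iptables -L -t nat`. It assumes a standard kmod `modprobe` that reads `/etc/modprobe.d/*.conf`; the file name `nf_nat_block.conf` and the helper names are choices made here.

```shell
#!/bin/sh
# Added example (not from the original post): write a modprobe.d drop-in that
# refuses to load the NAT/conntrack modules on demand, and helpers to verify it.
# Assumption: modprobe honours "install <module> <command>" lines in
# /etc/modprobe.d/*.conf (standard kmod behaviour).

# The modules the post saw pulled in by 'iptables -L -t nat'.
BLOCKED_MODULES="nf_nat iptable_nat nf_conntrack nf_conntrack_ipv4"

# Print the drop-in contents. A 'blacklist' line only stops alias-based
# autoloading; an 'install <mod> /bin/false' line replaces the real load with
# a command that fails, so any modprobe of that module (including the kernel's
# request on behalf of iptables) returns an error instead of loading it.
render_block_conf() {
    for m in $BLOCKED_MODULES; do
        printf 'install %s /bin/false\n' "$m"
    done
}

# Write the drop-in into directory $1 (default /etc/modprobe.d) and print its path.
write_block_conf() {
    dir="${1:-/etc/modprobe.d}"
    out="$dir/nf_nat_block.conf"
    render_block_conf > "$out"
    printf '%s\n' "$out"
}

# Return 0 if the file $1 carries an install line for every blocked module.
conf_blocks_all() {
    for m in $BLOCKED_MODULES; do
        grep -q "^install $m /bin/false" "$1" || return 1
    done
    return 0
}

# Return 0 if none of the blocked modules is currently resident (per /proc/modules).
# The drop-in only stops future loads; modules already loaded stay until removed.
none_loaded() {
    [ -r /proc/modules ] || return 0   # not on Linux: nothing to check
    for m in $BLOCKED_MODULES; do
        grep -q "^$m " /proc/modules && return 1
    done
    return 0
}
```

After installing the file as root, `modprobe -n -v nf_nat` (dry run) shows the substituted `/bin/false` command instead of an `insmod` line; modules that are already loaded have to be removed with `modprobe -r` first, since the drop-in does not unload anything.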