No longer load modules

As the legacy modules conflict with nft modules, this change expects the
kernel to have the modules built-in or load them automatically, like the
kernel shipped by Debian

Closes: 932196
Thanks: Jérémie LEGRAND

2 files changed, 6 insertions, 20 deletions

diff --git a/plugins/15-ip4tables b/plugins/15-ip4tables
index bf07939..13f33a8 100755
--- a/plugins/15-ip4tables
+++ b/plugins/15-ip4tables
@@ -32,16 +32,9 @@ load_rules()
 save_rules()
 {
     if [ ! "${IPTABLES_SKIP_SAVE}x" = "yesx" ]; then
-        #save IPv4 rules
-        #need at least iptable_filter loaded:
-        modprobe -b -q iptable_filter || true
-        if [ ! -f /proc/net/ip_tables_names ]; then
-            echo "Warning: skipping IPv4 (Kernel support is missing)"
-        else
-            touch /etc/iptables/rules.v4
-            chmod 0640 /etc/iptables/rules.v4
-            iptables-save > /etc/iptables/rules.v4
-        fi
+        touch /etc/iptables/rules.v4
+        chmod 0640 /etc/iptables/rules.v4
+        iptables-save > /etc/iptables/rules.v4
     fi
 }
 
diff --git a/plugins/25-ip6tables b/plugins/25-ip6tables
index 4c9aa0d..0755f19 100755
--- a/plugins/25-ip6tables
+++ b/plugins/25-ip6tables
@@ -30,16 +30,9 @@ load_rules()
 save_rules()
 {
     if [ ! "${IPTABLES_SKIP_SAVE}x" = "yesx" ]; then
-        #save IPv6 rules
-        #need at least ip6table_filter loaded:
-        modprobe -b -q ip6table_filter || true
-        if [ ! -f /proc/net/ip6_tables_names ]; then
-            log_action_cont_msg "Warning: skipping IPv6 (Kernel support is missing)"
-        else
-            touch /etc/iptables/rules.v6
-            ip6tables-save > /etc/iptables/rules.v6
-            chmod 0640 /etc/iptables/rules.v6
-        fi
+        touch /etc/iptables/rules.v6
+        ip6tables-save > /etc/iptables/rules.v6
+        chmod 0640 /etc/iptables/rules.v6
     fi
 }