Hello,

Some of my servers have kernels built by a cloud provider, which do not have security tables available and have nf_conntrack_* modules built in.

When I could, I updated the kernel, as recently suggested to another user in [1].
But that doesn't look like a solution for kernels we can't update.
Moreover, these tables do not look mandatory to firewalld, and they limit the use of firewalld where iptables could be used.

Would you like to accept patches which:
- make security tables optional;
- support kernels with built-in network modules?

Side question: Why is firewalld altering ipXtables when the backend is nftables?

Regards,

[1] https://github.com/firewalld/firewalld/issues/411

Sébastien "Seblu" Luttringer