From 3e440a1f0f7d72936ffc7c26c2713e343e60d22782736f2682c3b6b0bf0fece0 Mon Sep 17 00:00:00 2001
From: "Marc S. Weidner" <msw@coresecret.dev>
Date: Fri, 24 Oct 2025 16:08:45 +0100
Subject: [PATCH] V8.13.288.2025.10.24

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
---
 .../hooks/live/0001_initramfs_modules.chroot  | 116 ++++++++++--------
 docs/CHANGELOG.md                             |   1 +
 2 files changed, 68 insertions(+), 49 deletions(-)

diff --git a/config/hooks/live/0001_initramfs_modules.chroot b/config/hooks/live/0001_initramfs_modules.chroot
index 0a362a5..932e8ba 100644
--- a/config/hooks/live/0001_initramfs_modules.chroot
+++ b/config/hooks/live/0001_initramfs_modules.chroot
@@ -83,19 +83,10 @@ cat << EOF >| /etc/initramfs-tools/modules
 # raid1
 # sd_mod
 
-### Load AppArmor early:
+### AppArmor -------------------------------------------------------------------------------------------------------------------
 apparmor
 
-### Entropy source for '/dev/random':
-jitterentropy_rng
-rng_core
-
-### Live-ISO-Stack:
-loop
-squashfs
-overlay
-
-### Main btrfs-Stack:
+### btrfs ----------------------------------------------------------------------------------------------------------------------
 btrfs
 lzo
 xor
@@ -103,28 +94,7 @@ xxhash
 zstd
 zstd_compress
 
-### Main ext4-Stack:
-ext4
-jbd2
-libcrc32c
-
-### Main VFAT/ESP/FAT/UEFI-Stack:
-exfat
-fat
-nls_ascii
-nls_cp437
-nls_iso8859-1
-nls_iso8859-15
-nls_utf8
-vfat
-
-### Device mapper, encryption & integrity:
-dm_mod
-dm_crypt
-dm_integrity
-dm_verity
-
-### Main cryptography-Stack:
+### cryptography ---------------------------------------------------------------------------------------------------------------
 aes_generic
 blake2b_generic
 crc32c_generic
@@ -134,16 +104,68 @@ sha256_generic
 sha512_generic
 xts
 
-### QEMU Bochs-compatible virtual machine support:
+### cryptsetup -----------------------------------------------------------------------------------------------------------------
+dm_mod
+dm_crypt
+dm_integrity
+dm_verity
+
+### Entropy --------------------------------------------------------------------------------------------------------------------
+jitterentropy_rng
+rng_core
+
+### ESP/FAT/UEFI ---------------------------------------------------------------------------------------------------------------
+exfat
+fat
+vfat
+
+### ext4 -----------------------------------------------------------------------------------------------------------------------
+ext4
+jbd2
+libcrc32c
+
+### Live-ISO -------------------------------------------------------------------------------------------------------------------
+loop
+squashfs
+overlay
+
+#### nftables ------------------------------------------------------------------------------------------------------------------
+nf_conntrack
+nf_log_common
+nf_nat
+nf_reject_ipv4
+nf_reject_ipv6
+nf_tables
+nft_counter
+nft_ct
+nft_icmp
+nft_icmpv6
+nft_limit
+nft_log
+nft_masq
+nft_meta
+nft_nat
+nft_reject_inet
+nft_set_hash
+nft_set_rbtree
+nft_tcp
+nft_udp
+nft_reject_inet
+nfnetlink
+nfnetlink_log
+
+### NVMe -----------------------------------------------------------------------------------------------------------------------
+nvme
+nvme_core
+
+### QEMU -----------------------------------------------------------------------------------------------------------------------
 bochs
 
-### RAID6 parity generation module:
+### RAID -----------------------------------------------------------------------------------------------------------------------
+raid456
 raid6_pq
 
-### Combined RAID4/5/6 support module:
-raid456
-
-### SCSI/SATA-Stack:
+### SCSI/SATA ------------------------------------------------------------------------------------------------------------------
 sd_mod
 sr_mod
 sg
@@ -154,11 +176,7 @@ libata
 scsi_mod
 scsi_dh_alua
 
-### NVMe-Stack:
-nvme
-nvme_core
-
-### USB-Stack:
+### USB ------------------------------------------------------------------------------------------------------------------------
 xhci_pci
 xhci_hcd
 ehci_pci
@@ -167,14 +185,14 @@ uhci_hcd
 usb_storage
 uas
 
-### Virtual-Machines-Stack:
-virtio_pci
+### Virtual --------------------------------------------------------------------------------------------------------------------
 virtio_blk
-virtio_scsi
-virtio_rng
 virtio_console
+virtio_pci
+virtio_rng
+virtio_scsi
 
-### Network Driver Host-machine:
+### Network Driver Host-machine ------------------------------------------------------------------------------------------------
 "${nic_driver}"
 
 EOF
diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md
index 657f8cd..6d11522 100644
--- a/docs/CHANGELOG.md
+++ b/docs/CHANGELOG.md
@@ -13,6 +13,7 @@ include_toc: true
 # 2. Changelog
 
 ## V8.13.288.2025.10.24
+* **Updated**: [0001_initramfs_modules.chroot](../config/hooks/live/0001_initramfs_modules.chroot) + nftables mods
 * **Updated**: [9950_fail2ban_hardening.chroot](../config/hooks/live/9950_fail2ban_hardening.chroot) + banaction = nftables-*
 * **Updated**: [0900_ufw_setup.chroot](../config/hooks/live/0900_ufw_setup.chroot) changed var injection
 * **Updated**: [9950_fail2ban_hardening.chroot](../config/hooks/live/9950_fail2ban_hardening.chroot) changed var injection