diff --git a/iptables.init b/iptables.init
index dfefcac..b7fe486 100755
--- a/iptables.init
+++ b/iptables.init
@@ -32,6 +32,12 @@ if [ ! -x /sbin/$IPTABLES ]; then
 exit 5
 fi
+if [ "${IPV}" = "ip6" ] \
+ && grep -qIs "^blacklist\W${_IPV}" /etc/modprobe.conf /etc/modprobe.d/* ; then
+ echo $"$0: ${_IPV} is blacklisted."
+ exit 0
+fi
+
 # Old or new modutils
 /sbin/modprobe --version 2>&1 | grep -q module-init-tools \
 && NEW_MODUTILS=1 \
@@ -52,26 +58,9 @@ IPTABLES_STATUS_NUMERIC="yes"
 NF_MODULES=(${IPV}_tables nf_conntrack_${_IPV})
 NF_MODULES_COMMON=(x_tables nf_conntrack) # Used by netfilter v4 and v6
-# Are netfilter modules loaded?
-MODULES_LOADED=0
-for mod in ${NF_MODULES[*]} ${NF_MODULES_COMMON[*]}; do
- $(lsmod | grep -q ^${mod} | awk '{print $1}')
- if [ $? -eq 0 ]; then
- MODULES_LOADED=1
- break
- fi
-done
-
 # Get active tables
 NF_TABLES=$(cat "$PROC_IPTABLES_NAMES" 2>/dev/null)
-# Is netfilter compiled into the kernel?
-[ $MODULES_LOADED -eq 0 -a -n "$NF_TABLES" ] && COMPILED_IN=1 || COMPILED_IN=0
-
-# Get status (quicker than status function and honour lock file)
-[ ! -f "$VAR_SUBSYS_IPTABLES" -o ! -e "$PROC_IPTABLES_NAMES" \
- -o -z "$NF_TABLES" ] && running=0 || running=1
-
 rmmod_r() {
 # Unload module with all referring modules.
@@ -324,13 +313,11 @@ restart() {
 case "$1" in
 start)
- [ $running -eq 1 -a $COMPILED_IN -eq 0 ] && exit 0
+ [ -f "$VAR_SUBSYS_IPTABLES" ] && exit 0
 start
 RETVAL=$?
 ;;
 stop)
- # stop firewall, even if manually configured
- [ $running -eq 1 -o $MODULES_LOADED -eq 1 ] || exit 0
 [ "x$IPTABLES_SAVE_ON_STOP" = "xyes" ] && save
 stop
 RETVAL=$?
@@ -340,7 +327,7 @@ case "$1" in
 RETVAL=$?
 ;;
 condrestart|try-restart)
- [ $running -eq 1 ] || exit 0
+ [ -f "$VAR_SUBSYS_IPTABLES" ] && exit 0
 restart
 RETVAL=$?
 ;;
diff --git a/iptables.spec b/iptables.spec
index 0947896..3ddc9fe 100644
--- a/iptables.spec
+++ b/iptables.spec
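Review bot: The blacklist check added before the modutils probe exits 0 without loading any ip6tables rules, but a `blacklist` line only suppresses alias-based autoloading; if the module is later loaded explicitly, or IPv6 is built into the kernel, the host has a live IPv6 stack with no filtering while the init script has reported success. Consider skipping only when the stack is really absent, for example by appending `&& [ ! -e /proc/net/if_inet6 ]` to the condition. The pattern is also loose: `\W` is a GNU extension that matches exactly one non-word character and there is no end anchor, so a line with two blanks between the words is missed and a longer module name beginning with `${_IPV}` would match; `"^blacklist[[:space:]][[:space:]]*${_IPV}[[:space:]]*\$"` is tighter. Because the check sits ahead of the `case "$1"` dispatch (outside this hunk), `status` also returns 0 on this path, which LSB callers read as "running".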
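Review bot: With the guard removed from the `stop)` arm, `[ "x$IPTABLES_SAVE_ON_STOP" = "xyes" ] && save` now runs even when the firewall was never started, so (assuming `save`, defined outside this hunk, dumps the live ruleset) a `stop` on an idle host could overwrite the saved rules with empty tables and the next `start` would come up permissive. Gating only the save keeps the simpler stop path: `[ "x$IPTABLES_SAVE_ON_STOP" = "xyes" -a -f "$VAR_SUBSYS_IPTABLES" ] && save`. In the `start)` arm the lock file is now the only evidence of a running firewall; a stale file left by an unclean shutdown, or rules flushed by hand, makes `start` exit 0 without loading anything, so a comment stating that the script relies on the lock directory being cleared at boot would help the next maintainer.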
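Review bot: The new test in the `condrestart|try-restart)` arm is inverted: `[ -f "$VAR_SUBSYS_IPTABLES" ] && exit 0` returns early when the lock file exists, i.e. when the service is running, and falls through to `restart` when it is not. The removed line `[ $running -eq 1 ] || exit 0` did the opposite, which is what a conditional restart means. It should read `[ -f "$VAR_SUBSYS_IPTABLES" ] || exit 0`; as written, a package upgrade that calls condrestart would presumably leave a running firewall on its old rules and bring up one the administrator had deliberately stopped.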
@@ -153,6 +153,11 @@ fi
 %endif
 %changelog
+* Wed Sep 26 2007 Thomas Woerner 1.3.8-4.1
+- do not start ip6tables if ipv6 is blacklisted (rhbz#236888)
+- use simpler fix for (rhbz#295611)
+ Thanks to Linus Torvalds for the patch.
+
 * Mon Sep 24 2007 Thomas Woerner 1.3.8-4
 - fixed IPv6 reject type (rhbz#295181)
 - fixed init script: start, stop and status