diff --git a/internal/firewall/iptables/firewall.go b/internal/firewall/iptables/firewall.go
index c1e8a59f..3cb7c285 100644
--- a/internal/firewall/iptables/firewall.go
+++ b/internal/firewall/iptables/firewall.go
@@ -17,7 +17,6 @@ type Config struct {
 	// Fixed state
 	ipTables string
 	ip6Tables string
-	modules kernelModules
 }
 
 func New(ctx context.Context, runner CmdRunner, logger Logger) (*Config, error) {
@@ -36,6 +35,5 @@ func New(ctx context.Context, runner CmdRunner, logger Logger) (*Config, error)
 		logger: logger,
 		ipTables: iptables,
 		ip6Tables: ip6tables,
-		modules: newKernelModules(),
 	}, nil
 }
diff --git a/internal/firewall/iptables/iptables.go b/internal/firewall/iptables/iptables.go
index b3e1106c..d3671e5c 100644
--- a/internal/firewall/iptables/iptables.go
+++ b/internal/firewall/iptables/iptables.go
@@ -141,22 +141,18 @@ func (c *Config) AcceptOutputThroughInterface(ctx context.Context, intf string,
 }
 
 func (c *Config) AcceptEstablishedRelatedTraffic(ctx context.Context) error {
-	err := c.runMixedIptablesInstructions(ctx, []string{
+	return c.runMixedIptablesInstructions(ctx, []string{
 		"--append OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
 		"--append INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
 	})
-	if err != nil && !c.modules.nfConntrack.ok {
-		return fmt.Errorf("%w: %s", ErrKernelModuleMissing, c.modules.nfConntrack.name)
-	}
-	return err
 }
 
 // AcceptOutputPublicOnlyNewTraffic adds rules to mark new output connections, and to accept
 // established or related packets with this mark only. This effectively forces
 // previously established or related traffic to be blocked.
 // If remove is true, the rules are removed instead of appended.
-// If the relevant kernel modules (nf_conntrack, xt_conntrack and xt_connmark)
-// are not available, it returns an error indicating which kernel module is missing.
+// If the relevant kernel modules are not available, it returns an error indicating
+// which kernel module is missing.
 func (c *Config) AcceptOutputPublicOnlyNewTraffic(ctx context.Context) error {
 	ipv4Instructions, ipv6Instructions := makeCreatePublicIPChainInstructions()
 	appendToBoth := func(instruction string) {
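Review bot: The doc sentence this hunk keeps on AcceptOutputPublicOnlyNewTraffic, `// If the relevant kernel modules are not available, it returns an error indicating which kernel module is missing.`, is no longer backed by the code once the -184 hunk of this file removes the kernelErr wrapping, since both failure paths there now return the raw iptables error. AcceptEstablishedRelatedTraffic in this hunk likewise stops wrapping with ErrKernelModuleMissing even though its `-m conntrack` rules carry the same module dependency, so errors.Is(err, ErrKernelModuleMissing) would now hold only for targetOutputPublicTraffic. Either reuse the `strings.Contains(err.Error(), " support")` wrap that the -242 hunk introduces in these two functions as well, or replace the doc sentence with one stating that the iptables error is returned unwrapped; a small helper around that check would keep the three sites consistent. AcceptOutputPublicOnlyNewTraffic's body continues past the end of this hunk.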
@@ -184,23 +180,14 @@ func (c *Config) AcceptOutputPublicOnlyNewTraffic(ctx context.Context) error {
 		return err
 	}
 
-	kernelErr := checkKernelModulesAreOK(c.modules.nfConntrack,
-		c.modules.xtConntrack, c.modules.xtConnmark, c.modules.xtCONNMARK)
-
 	err = c.runIptablesInstructionsNoSave(ctx, ipv4Instructions)
 	if err != nil {
 		restore(ctx)
-		if strings.Contains(err.Error(), "support") && kernelErr != nil {
-			err = fmt.Errorf("%w: %w", err, kernelErr)
-		}
 		return err
 	}
 
 	err = c.runIP6tablesInstructionsNoSave(ctx, ipv6Instructions)
 	if err != nil {
 		restore(ctx)
-		if strings.Contains(err.Error(), "support") && kernelErr != nil {
-			err = fmt.Errorf("%w: %w", err, kernelErr)
-		}
 		return err
 	}
@@ -242,22 +229,18 @@ func (c *Config) targetOutputPublicTraffic(ctx context.Context, target string, r
 	}
 	appendToBoth("-I OUTPUT -j PUBLIC_ONLY")
 
-	kernelErr := checkKernelModulesAreOK(c.modules.nfConntrack,
-		c.modules.nfRejectIPv4, c.modules.xtReject)
-
 	err := c.runIptablesInstructions(ctx, ipv4Instructions)
 	if err != nil {
-		if strings.Contains(err.Error(), "support") && kernelErr != nil {
-			err = fmt.Errorf("%w: %w", err, kernelErr)
+		if strings.Contains(err.Error(), " support") {
+			return fmt.Errorf("%w: %w", ErrKernelModuleMissing, err)
 		}
-		return err
 	}
 
 	err = c.runIP6tablesInstructions(ctx, ipv6Instructions)
 	if err != nil {
 		_ = c.runIptablesInstructions(ctx, removeInstructions)
-		if strings.Contains(err.Error(), "support") && kernelErr != nil {
-			err = fmt.Errorf("%w: %w", err, kernelErr)
+		if strings.Contains(err.Error(), " support") {
+			return fmt.Errorf("%w: %w", ErrKernelModuleMissing, err)
 		}
 		return err
 	}
diff --git a/internal/firewall/iptables/kernel.go b/internal/firewall/iptables/kernel.go
deleted file mode 100644
index 9f54f044..00000000
--- a/internal/firewall/iptables/kernel.go
+++ /dev/null
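Review bot: In the -242 hunk the `return err` that followed the inner `if` in the IPv4 branch of targetOutputPublicTraffic is deleted, so an IPv4 iptables failure whose message does not contain " support" is now swallowed: control falls through to runIP6tablesInstructions, `err` is overwritten, and the caller can receive nil although the IPv4 rules were not applied and removeInstructions was never run for them. Re-add `return err` after the inner `if` block so the non-module error still propagates, mirroring the IPv6 branch below it. The `" support"` substring test is a heuristic on iptables' message text rather than a check of the module state the deleted kernel.go used to probe, so a comment such as `// best-effort: presumably matches iptables' "not supported" wording for an unloaded extension — confirm against the iptables version in use` would make that explicit. targetOutputPublicTraffic and AcceptOutputPublicOnlyNewTraffic both begin before their hunks and continue past them.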
@@ -1,53 +0,0 @@
-package iptables
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/qdm12/gluetun/internal/mod"
-)
-
-type kernelModules struct {
-	nfConntrack kernelModule
-	nfRejectIPv4 kernelModule
-	xtConnmark kernelModule
-	xtCONNMARK kernelModule
-	xtConntrack kernelModule
-	xtReject kernelModule
-}
-
-type kernelModule struct {
-	name string
-	ok bool
-}
-
-func newKernelModules() kernelModules {
-	var m kernelModules
-	nameToFieldPtr := map[string]*kernelModule{
-		"nf_conntrack_netlink": &m.nfConntrack,
-		"nf_reject_ipv4": &m.nfRejectIPv4,
-		"xt_connmark": &m.xtConnmark,
-		"xt_CONNMARK": &m.xtCONNMARK,
-		"xt_conntrack": &m.xtConntrack,
-		"xt_REJECT": &m.xtReject,
-	}
-	for name, fieldPtr := range nameToFieldPtr {
-		fieldPtr.name = name
-		err := mod.Probe(name)
-		fieldPtr.ok = err == nil
-	}
-	return m
-}
-
-func checkKernelModulesAreOK(modules ...kernelModule) error {
-	missing := make([]string, 0, len(modules))
-	for _, module := range modules {
-		if !module.ok {
-			missing = append(missing, module.name)
-		}
-	}
-	if len(missing) > 0 {
-		return fmt.Errorf("%w: %s", ErrKernelModuleMissing, strings.Join(missing, ", "))
-	}
-	return nil
-}