List of loaded iptables modules

Is there any convenient way to show loaded iptables module list? I can show installed modules by listing /lib/iptables/ (or /lib64/iptables/) directory but I need active modules list.

Best answer

Loaded iptables modules can be found in /proc/net/ip_tables_matches proc filesystem entry.

cat /proc/net/ip_tables_matches

In PHP I can access the loaded iptables modules by loading and exploding file contents:

$content = file_get_contents('/proc/net/ip_tables_matches');
// one module name per line; array_filter drops the empty element left by the trailing newline
$modules = array_filter(explode("\n", $content));

Of course it requires the proc filesystem to be mounted (most GNU/Linux distros mount it by default).
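The same lookup as a small Python module, added here as an example (not code from the accepted answer). It assumes the kernel's /proc/net/ip_tables_matches, /proc/net/ip_tables_targets and /proc/net/ip_tables_names entries, which list the registered match extensions, target extensions and tables one name per line, and it covers the caveat above: if procfs is not mounted (or the x_tables core is not loaded) the entry is absent, and the reader returns None instead of raising.

```python
"""Enumerate the match/target extensions the kernel currently has registered.

Added example, not part of the original answer. Assumes the standard
/proc/net/ip_tables_* entries (one extension name per line); a missing
entry (procfs not mounted, x_tables not loaded) is reported as None.
"""

# Assumed proc paths (standard x_tables entries, not taken from the page).
PROC_FILES = {
    "matches": "/proc/net/ip_tables_matches",
    "targets": "/proc/net/ip_tables_targets",
    "tables": "/proc/net/ip_tables_names",
}


def parse_proc_list(text):
    """Parse the one-name-per-line format into a sorted, de-duplicated list."""
    names = {line.strip() for line in text.splitlines() if line.strip()}
    return sorted(names)


def read_proc_list(path):
    """Read one /proc/net/ip_tables_* file; return None if it does not exist."""
    try:
        with open(path, "r") as fh:
            return parse_proc_list(fh.read())
    except FileNotFoundError:
        return None


def loaded_iptables_extensions():
    """Return {'matches': [...], 'targets': [...], 'tables': [...]}.

    A value of None means the proc entry was unavailable.
    """
    return {kind: read_proc_list(path) for kind, path in PROC_FILES.items()}


def is_registered(name, kind, registry):
    """True if extension `name` of `kind` ('matches' or 'targets') is registered."""
    entries = registry.get(kind)
    return entries is not None and name in entries


if __name__ == "__main__":
    reg = loaded_iptables_extensions()
    for kind, entries in reg.items():
        if entries is None:
            print(f"{kind}: /proc entry unavailable (procfs not mounted or x_tables not loaded)")
        else:
            print(f"{kind} ({len(entries)}): {' '.join(entries)}")
```

Note that these files only list extensions the kernel has registered (i.e. whose modules are loaded); a match that is installed under /lib/iptables but whose kernel module has never been autoloaded will not appear until a rule first uses it.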

Answers

This is a really old post but here we go:

# lsmod | grep ip

shows a list of loaded modules, which I think most are related to iptables... /proc/net/ip_tables_matches doesn't show modules (at least not in RHEL 6)

Take a look in the following directory (replace per your kernel version):

ls /lib/modules/2.6.32-504.8.1.el6.x86_64/kernel/net/netfilter/

You can load the module using (dropping the .ko as listed in the directory):

modprobe nf_conntrack_ftp

Alternatively, you can ensure it's loaded at boot by adding it to:

/etc/sysconfig/iptables-config (RHEL/CentOS)

IPTABLES_MODULES="nf_conntrack_ftp"

This seems to be poorly documented.

Try this for a fast overview on the netfilter modules present on your system, here a one-liner for pasting:

for i in /lib/modules/$(uname -r)/kernel/net/netfilter/*; do [ -f "$i" ] || continue; echo -e "\e[33;1m$(basename "$i")\e[0m"; strings "$i" | grep -e description -e depends | sed -e 's/Xtables: //g' -e 's/depends=/depends on: /g' -e 's/=/: /g'; echo; done

Again for readability, with added newlines:

#!/bin/bash
for i in /lib/modules/$(uname -r)/kernel/net/netfilter/*
do
    [ -f "$i" ] || continue   # skip subdirectories such as ipset/ and ipvs/
    echo -e "\e[33;1m$(basename "$i")\e[0m"
    # 'depends=' must be rewritten before the generic '=' substitution, otherwise it never matches
    strings "$i" | grep -e description -e depends | sed -e 's/Xtables: //g' -e 's/depends=/depends on: /g' -e 's/=/: /g'
    echo
done

Filename will appear in yellow, from which you can guess if the module in question exists or not. Description and dependencies are the next two lines below.

This will not cover everything (because this would be too easy, ofc). Only looking up the modules manually, to see if they exist, gives you 100% accurate information.

iptables -m <match/module name> --help

If a module exists on your system, at the end of the help text you will get some info on how to use it:

ctr-014# iptables -m limit --help
iptables v1.4.14

Usage: iptables -[ACD] chain rule-specification [options]
       iptables -I chain [rulenum] rule-specification [options]

...

[!] --version   -V              print package version.

limit match options:
--limit avg                     max average match rate: default 3/hour
                                [Packets per second unless followed by 
                                /sec /minute /hour /day postfixes]
--limit-burst number            number to match in a burst, default 5
ctr-014# 

If the module is not present on your system:

ctr-014# iptables -m iplimit --help
iptables v1.4.14: Couldn't load match `iplimit':No such file or directory

Try `iptables -h' or 'iptables --help' for more information.
ctr-014#

As Gonio has suggested, lsmod lists all loaded kernel modules, but grepping "ip" won't give you all iptables modules.

I would rather use

lsmod|grep -E "nf_|xt_|ip"

and still, I'm not sure the list will be complete.
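To make the lsmod approach less guesswork, here is an added example (not from the answer above) that parses lsmod's three-column output and groups modules by the prefixes the netfilter code base uses (xt_, nf_, ipt_, ip6t_, iptable_, nft_ and so on) instead of a loose grep for "ip". The prefix table is my assumption based on the kernel's net/netfilter naming; the lsmod text below is a constructed sample, and it shows both failure modes of the grep: xt_conntrack contains no "ip" and would be missed, while ipv6 and ipmi_msghandler contain "ip" and are not netfilter at all.

```python
"""Classify `lsmod` output into netfilter/xtables module families.

Added example, not part of the original answer. The prefix table is an
assumption following the kernel's net/netfilter naming conventions.
"""
import subprocess

# Order matters: more specific prefixes come before the generic "nf_".
FAMILIES = (
    ("x_tables",   "xtables core"),
    ("xt_",        "xtables match/target"),
    ("ip_tables",  "iptables core"),
    ("iptable_",   "iptables table"),
    ("ipt_",       "iptables (IPv4-only) extension"),
    ("ip6_tables", "ip6tables core"),
    ("ip6table_",  "ip6tables table"),
    ("ip6t_",      "ip6tables (IPv6-only) extension"),
    ("arp_tables", "arptables core"),
    ("arpt_",      "arptables extension"),
    ("ebtables",   "ebtables core"),
    ("ebt_",       "ebtables extension"),
    ("nf_tables",  "nftables core"),
    ("nft_",       "nftables expression"),
    ("nfnetlink",  "nfnetlink"),
    ("nf_",        "netfilter core/conntrack/nat"),
)


def parse_lsmod(text):
    """Return [(name, size, use_count, used_by)] from lsmod output; skips the header."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] == "Module":
            continue
        name, size, count = parts[0], int(parts[1]), int(parts[2])
        used_by = []
        # The fourth column is a comma-separated list of dependants; a
        # bracketed flag such as "[permanent]" is not a module name.
        if len(parts) > 3 and not parts[3].startswith("["):
            used_by = parts[3].split(",")
        rows.append((name, size, count, used_by))
    return rows


def classify(name):
    """Return the family label for a module name, or None if it is not netfilter."""
    for prefix, label in FAMILIES:
        if name.startswith(prefix):
            return label
    return None


def netfilter_modules(lsmod_text):
    """Return {name: (family, used_by)} for the netfilter-related modules only."""
    result = {}
    for name, _size, _count, used_by in parse_lsmod(lsmod_text):
        family = classify(name)
        if family is not None:
            result[name] = (family, used_by)
    return result


def live_lsmod():
    """Run the real lsmod (no root needed) and return its output."""
    return subprocess.run(["lsmod"], capture_output=True, text=True, check=True).stdout


# Constructed sample, not a capture from any real host.
SAMPLE_LSMOD = """\
Module                  Size  Used by
xt_conntrack           16384  2
nf_conntrack          172032  3 xt_conntrack,nf_nat,nf_conntrack_ftp
nf_conntrack_ftp       24576  0
iptable_filter         16384  1
ip_tables              32768  1 iptable_filter
x_tables               49152  3 xt_conntrack,iptable_filter,ip_tables
ipv6                  548864 40
ipmi_msghandler        65536  0
"""

if __name__ == "__main__":
    for name, (family, used_by) in sorted(netfilter_modules(live_lsmod()).items()):
        print(f"{name:24} {family:34} used by: {','.join(used_by) or '-'}")
```

The "used by" column is worth keeping: a match module such as xt_conntrack that shows up as a dependant of nf_conntrack is one the running ruleset (or a recently removed rule) actually pulled in, which is closer to the "active" list the question asks for than the mere presence of the .ko file.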

As an alternative method, this can also be done with a Python script.

First make sure you have the iptc library:

sudo pip install --upgrade python-iptables

(Assuming Python3 is your version)

import iptc

# Walk the filter table: each rule exposes the match extensions (-m) it uses
# and its target, so this lists the extensions the live ruleset depends on.
# Reading the tables needs CAP_NET_ADMIN, i.e. run it as root.
table = iptc.Table(iptc.Table.FILTER)
for chain in table.chains:
    print("------------------------------------------")
    print("Chain ", chain.name)
    for rule in chain.rules:
        print("Rule ", "proto", rule.protocol, "src:", rule.src, "dst:", rule.dst,
              "in:", rule.in_interface, "out:", rule.out_interface)
        print("Matches:")
        for match in rule.matches:
            print(match.name)
        print("Target:")
        print(rule.target.name)
print("------------------------------------------")
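If you would rather not depend on python-iptables (or run as root just to look), the same information can be pulled from iptables-save output, which every iptables install provides. The following is an added example, not the code of the answer above or of python-iptables: it parses the `-m <match>` and `-j/-g <target>` tokens of each rule, separates extension targets from built-in verdicts and user-defined chains, and then checks the names the ruleset uses against what the kernel reports in /proc/net/ip_tables_matches and /proc/net/ip_tables_targets. The iptables-save text is a constructed sample, and the /proc paths and the built-in verdict set are my assumptions.

```python
"""List the xtables match/target extensions a ruleset actually uses, from
`iptables-save` output, and compare them with what the kernel has registered.

Added example, not part of the original answer. Only the live report needs
root; parse_save() and missing_extensions() work on plain text.
"""
import shlex
import subprocess

# Built-in verdicts that are not loadable target extensions (assumption).
BUILTIN_TARGETS = {"ACCEPT", "DROP", "RETURN", "QUEUE"}


def parse_save(text):
    """Return (tables, user_chains, matches, ext_targets) from iptables-save text.

    matches / ext_targets map an extension name to the number of rules using it.
    """
    tables, user_chains = [], set()
    matches, targets = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):                 # "*filter" starts a table
            tables.append(line[1:])
            continue
        if line.startswith(":"):                 # ":NAME policy [pkts:bytes]"
            name, policy = line[1:].split()[:2]  # user chains have policy "-"
            if policy == "-":
                user_chains.add(name)
            continue
        tokens = shlex.split(line)               # respects quoted args like --log-prefix "x y"
        for i, tok in enumerate(tokens[:-1]):
            if tok == "-m":
                matches[tokens[i + 1]] = matches.get(tokens[i + 1], 0) + 1
            elif tok in ("-j", "-g"):
                targets[tokens[i + 1]] = targets.get(tokens[i + 1], 0) + 1
    ext_targets = {t: n for t, n in targets.items()
                   if t not in BUILTIN_TARGETS and t not in user_chains}
    return tables, user_chains, matches, ext_targets


def missing_extensions(matches, ext_targets, registered_matches, registered_targets):
    """Names the ruleset references that the kernel does not report as registered."""
    return (sorted(m for m in matches if m not in registered_matches),
            sorted(t for t in ext_targets if t not in registered_targets))


def read_registered(path):
    """Read a /proc/net/ip_tables_* entry into a set; empty if unavailable."""
    try:
        with open(path) as fh:
            return {line.strip() for line in fh if line.strip()}
    except FileNotFoundError:
        return set()


def live_report():
    """Run iptables-save (needs root) and report unregistered extensions, or None."""
    try:
        save = subprocess.run(["iptables-save"], capture_output=True,
                              text=True, check=True).stdout
    except (FileNotFoundError, subprocess.CalledProcessError):
        return None
    _tables, _chains, matches, ext_targets = parse_save(save)
    return missing_extensions(matches, ext_targets,
                              read_registered("/proc/net/ip_tables_matches"),
                              read_registered("/proc/net/ip_tables_targets"))


# Constructed sample ruleset, not captured from a real host.
SAMPLE_SAVE = """\
# Generated by iptables-save v1.4.14 (constructed sample)
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:ssh-guard - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ssh-guard
-A ssh-guard -m limit --limit 3/min --limit-burst 5 -j LOG --log-prefix "ssh: "
-A ssh-guard -m conntrack --ctstate NEW -m recent --set --name SSH -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type echo-request -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
"""

if __name__ == "__main__":
    tables, chains, matches, ext_targets = parse_save(SAMPLE_SAVE)
    print("tables:", tables, "user chains:", sorted(chains))
    print("matches in use:", matches)
    print("extension targets in use:", ext_targets)
    print("unregistered on this host:", live_report())
```

Because the kernel autoloads a match or target module the first time a rule references it, anything the live report lists as unregistered is worth a second look: either the ruleset was never loaded on this host, or a module failed to load and the rule silently never took effect.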
