On Tue, Mar 28, 2006 at 04:00:33AM +0000, Hubert Tonneau wrote:
> When upgrading from 2.6.15 to 2.6.16 I noticed iptables not working anymore.
>
> I traced the problem down to a new 'CONFIG_NETFILTER_XTABLES' compile option
> that must be set, but I still get some rules rejected as soon as
> '--destination-port' option is used.
>
> As an example, the following command:
> iptables -A eth0in -p udp --destination-port 111 -j DROP

This sounds like you're missing support for the tcp/udp match. This
functionality is implemented in xt_tcpudp.{c,ko}, which is compiled as
soon as x_tables is compiled.

What does cat /proc/netip_tables_matches show before and after executing
your iptables command, and before/after manually executing
modprobe xt_tcpudp?

Also, what is your iptables program version?

Please follow-up-to [email protected], but keep me in Cc

-- 
- Harald Welte <[email protected]> http://netfilter.org/
============================================================================
"Fragmentation is like classful addressing -- an interesting early
architectural error that shows how much experimentation was going
on while IP was being designed." -- Paul Vixie