On Mon, 20 Sep 2004 17:22:50 +0900 (JST), d l wrote:

> I am using vanilla Fedora Core 2, without configuring
> firewall in anaconda during initial install.
>
> Simple rules seem to work with built-in modules. e.g.
> iptables -A INPUT -p ICMP -j DROP
>
> However when I tried to use extension modules like
> <connlimit> and <owner>, iptables always gives me an error.
>
> For <owner>:
> iptables -m owner --help
> .......
> OWNER match v1.2.9 options:
> [!] --uid-owner userid     Match local uid
> [!] --gid-owner groupid    Match local gid
> [!] --pid-owner processid  Match local pid
> [!] --sid-owner sessionid  Match local sid
> [!] --cmd-owner name       Match local command name
>
> # iptables -A INPUT -m owner --cmd-owner mlnet -j test
> iptables: Invalid argument

It doesn't work like that. Read "man iptables" again. Why your command
doesn't work is explained in the OWNER extension section.

> And similar results with the <connlimit> extension.
>
> There are corresponding .so files in /lib/iptables for those
> 2 extensions.
> /lib/iptables/libipt_connlimit.so
> /lib/iptables/libipt_owner.so

I don't see a netfilter connlimit kernel module, so that could mean it's
neither built nor supported. In case the extension is included in the
stock Linux kernel, that might be a package bug.

-- 
Fedora Core release 2 (Tettnang) - Linux 2.6.7-1.494.2.2
loadavg: 0.00 0.19 0.38
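
Added example, not part of the original message: a shell check for the situation the reply describes, where a userspace library such as /lib/iptables/libipt_connlimit.so is installed but no kernel module backs it. The function name `missing_kernel_ext` is hypothetical, and the `libipt_NAME.so` to `ipt_NAME.ko` naming is an assumption matching the 2.6-era layout in the post. Some extensions live inside other modules or are built into the kernel, so a printed name is a candidate to investigate, not proof.

```shell
#!/bin/sh
# Added example (not from the original thread).
# List iptables extensions that have a userspace library in LIBDIR but no
# kernel module file anywhere under MODDIR.
# Assumption: libipt_NAME.so pairs with ipt_NAME.ko (optionally compressed).

missing_kernel_ext() {
    libdir=$1    # e.g. /lib/iptables (path quoted in the post)
    moddir=$2    # e.g. /lib/modules/$(uname -r)

    for so in "$libdir"/libipt_*.so; do
        # If the glob matched nothing, the literal pattern is returned: skip it.
        [ -e "$so" ] || continue

        # Strip directory, "libipt_" prefix and ".so" suffix to get NAME.
        name=${so##*/libipt_}
        name=${name%.so}

        # Look for the matching kernel object anywhere in the module tree.
        hit=$(find "$moddir" -type f \
                \( -name "ipt_$name.ko" -o -name "ipt_$name.ko.*" \) \
                2>/dev/null | head -n 1)

        # No kernel object found: userspace can parse the option, but the
        # kernel may reject the rule.
        [ -n "$hit" ] || printf '%s\n' "$name"
    done
}

# Typical call on a live system:
#   missing_kernel_ext /lib/iptables "/lib/modules/$(uname -r)"
```

An empty result means every installed userspace extension has a module file with the expected name.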