Re: cant use iptable extensions

Thanks, I will try it out.
Regards,
DL

--- Message from Samuel Díaz García <samueldg@xxxxxxxxxxxx>:
> The connlimit extension (the owner extension I don't know) is not included
> in the kernel sources (as you can see in netfilter.org) because they aren't
> stable "patches".
>
> I needed to do this:
>
> 1) My kernel sources (2.4.x in my case, 2.6.x in your case).
> 2) Last version of patch-o-matic sources to netfilter.
> 3) IPTABLES sources.
> 4) See readme files in patch-o-matic sources for netfilter, it will patch
> the netfilter in kernel sources and iptables sources.
> 5) Apply the patches to kernel and iptables.
> 6) Configure your kernel with "experimental options" and compile.
> 7) Compile patched iptables.
> 8) Make a backup of your iptables binary before installing the new patched
> iptables.
> 9) Test your new kernel and your new iptables before using them in a
> production environment.
>
> P.S.: Sorry for my poor English.
> 
> Michael Schwendt writes: 
> 
> > On Mon, 20 Sep 2004 17:22:50 +0900 (JST), d l wrote:
> >
> >> I am using vanilla Fedora Core 2, without configuring
> >> firewall in anaconda during initial install.
> >>
> >> Simple rules seem to work with built-in modules. e.g.
> >> iptables -A INPUT -p ICMP -j DROP
> >>
> >> However when I tried to use extension modules like
> >> <connlimit> and <owner>, iptables always gives me an error.
> >>
> >> For <owner>:
> >> iptables -m owner --help
> >> .......
> >> OWNER match v1.2.9 options:
> >> [!] --uid-owner userid     Match local uid
> >> [!] --gid-owner groupid    Match local gid
> >> [!] --pid-owner processid  Match local pid
> >> [!] --sid-owner sessionid  Match local sid
> >> [!] --cmd-owner name       Match local command name
> >>
> >> # iptables -A INPUT -m owner --cmd-owner mlnet -j test
> >> iptables: Invalid argument
> > 
> > It doesn't work like that. Read "man iptables" again. Why your command
> > doesn't work is explained in the OWNER extension section.
> >
> >> And similar results with <connlimit> extension.
> >>
> >> There are corresponding so files in /lib/iptables for those
> >> 2 extensions.
> >> /lib/iptables/libipt_connlimit.so
> >> /lib/iptables/libipt_owner.so
> >
> > I don't see a netfilter connlimit kernel module, so that could mean
> > it's neither built nor supported. In case the extension is included
> > in the stock Linux kernel, that might be a package bug.
> >
> > --
> > Fedora Core release 2 (Tettnang) - Linux 2.6.7-1.494.2.2
> > loadavg: 0.00 0.19 0.38
> >
> >
> > --
> > fedora-list mailing list
> > fedora-list@xxxxxxxxxx
> > To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
>  
> 
> 
> Samuel Díaz García
> Managing Director
> ArcosCom Wireless, S.L.L.
>
> mailto:samueldg@xxxxxxxxxxxx
> http://www.arcoscom.com
> mobile: 651 93 72 48
> tel/fax: 956 70 13 15
> 
> 
> 
> -- 
> fedora-list mailing list
> fedora-list@xxxxxxxxxx
> To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
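
Added example, not part of the thread: the messages above describe userspace extension files present in /lib/iptables while no connlimit kernel module is visible. This sh function lists every libipt_<name>.so that has no ipt_<name> module file under a kernel module tree. The module file naming and the module tree path are assumptions, and the function name is hypothetical.

```shell
#!/bin/sh
# Added example: compare iptables userspace extensions with kernel modules.
# Assumptions (not from the thread): kernel-side modules are files named
# ipt_<name>.ko (2.6) or ipt_<name>.o (2.4) somewhere below the module tree.
# Extensions compiled into the kernel image or into ip_tables itself
# (for example tcp, udp, icmp, standard) are also reported, so treat the
# output as a list of names to check by hand, not as proof of a fault.

# missing_kernel_side LIBDIR MODDIR
# Prints one extension name per line for each LIBDIR/libipt_<name>.so
# that has no ipt_<name>.ko or ipt_<name>.o below MODDIR.
missing_kernel_side() {
    libdir=$1
    moddir=$2
    for so in "$libdir"/libipt_*.so; do
        [ -e "$so" ] || continue            # glob matched nothing
        name=${so##*/libipt_}               # strip directory and prefix
        name=${name%.so}                    # strip suffix
        found=$(find "$moddir" -type f \
                    \( -name "ipt_$name.ko" -o -name "ipt_$name.o" \) \
                    2>/dev/null | head -n 1)
        [ -n "$found" ] || printf '%s\n' "$name"
    done
}

# Check the running system; both locations can be overridden through the
# (hypothetical) environment variables IPT_LIBDIR and IPT_MODDIR.
missing_kernel_side "${IPT_LIBDIR:-/lib/iptables}" \
                    "${IPT_MODDIR:-/lib/modules/$(uname -r)}"
```

A name printed here means the rule syntax can be accepted by the iptables binary while the kernel has nothing loaded to enforce it, so a firewall script that ignores the error leaves that restriction unapplied.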

