Re: cant use iptable extensions

The connlimit extension (the owner extension I don't know about) is not included in the kernel sources (as you can see on netfilter.org) because they aren't stable "patches".

I needed to do this:

1) My kernel sources (2.4.x in my case, 2.6.x in your case).
2) The latest version of the patch-o-matic sources for netfilter.
3) The iptables sources.
4) See the readme files in the patch-o-matic sources for netfilter; it will patch netfilter in the kernel sources and the iptables sources.
5) Apply the patches to the kernel and iptables.
6) Configure your kernel with the "experimental options" and compile.
7) Compile the patched iptables.
8) Make a backup of your iptables binary before installing the new patched iptables.
9) Test your new kernel and your new iptables before using them in a production environment.


P.S.: Sorry for my poor English.

Michael Schwendt writes:

> On Mon, 20 Sep 2004 17:22:50 +0900 (JST), d l wrote:
>
> > I am using vanilla Fedora Core 2, without configuring
> > the firewall in anaconda during the initial install.
> >
> > Simple rules seem to work with built-in modules, e.g. iptables -A INPUT -p ICMP -j DROP
> >
> > However, when I tried to use extension modules like
> > <connlimit> and <owner>, iptables always gives me an error.


> > For <owner>:
> > iptables -m owner --help
> > .......
> > OWNER match v1.2.9 options:
> > [!] --uid-owner userid Match local uid
> > [!] --gid-owner groupid Match local gid
> > [!] --pid-owner processid Match local pid
> > [!] --sid-owner sessionid Match local sid
> > [!] --cmd-owner name Match local command name
> >
> > # iptables -A INPUT -m owner --cmd-owner mlnet -j test
> > iptables: Invalid argument

> It doesn't work like that. Read "man iptables" again. Why your command
> doesn't work is explained in the OWNER extension section.


> > And similar results with the <connlimit> extension.
> >
> > There are corresponding .so files in /lib/iptables for those
> > 2 extensions.
> > /lib/iptables/libipt_connlimit.so
> > /lib/iptables/libipt_owner.so

> I don't see a netfilter connlimit kernel module, so that could mean
> it's neither built nor supported. In case the extension is included
> in the stock Linux kernel, that might be a package bug.
> --
> Fedora Core release 2 (Tettnang) - Linux 2.6.7-1.494.2.2
> loadavg: 0.00 0.19 0.38






Samuel Díaz García
Director Gerente
ArcosCom Wireless, S.L.L.


mailto:samueldg@xxxxxxxxxxxx
http://www.arcoscom.com
mobile: 651 93 72 48
tel/fax: 956 70 13 15
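As an added example (not code from the thread or from the iptables project; the /lib/iptables and ipt_<name> naming is the Fedora Core 2 layout quoted above, everything else is an assumption), a small POSIX shell check that separates the two failure modes discussed here before any rule is loaded: the userspace library exists but the kernel module was never built (Michael's connlimit point), versus the match being used in a chain where the kernel rejects it with "Invalid argument" (the owner match only inspects locally generated packets, which is why the iptables man page restricts it to the OUTPUT chain).

```shell
#!/bin/sh
# Added example, not from the thread. Checks whether an iptables match
# extension has both halves it needs: the userspace shared object that
# iptables dlopens (libipt_<name>.so) and a kernel module (ipt_<name>)
# under the running kernel's module tree. Directory arguments exist so
# the check can be pointed at a staging root or a test fixture; the
# defaults are the paths shown in the thread.

# check_ipt_ext NAME [LIBDIR] [MODDIR]
# Returns 0 when both pieces are present, 1 when only the userspace
# library exists (rule insertion will fail at runtime), 2 when the
# userspace library itself is missing.
check_ipt_ext() {
    name=$1
    libdir=${2:-/lib/iptables}
    moddir=${3:-/lib/modules/$(uname -r)}

    if [ ! -f "$libdir/libipt_$name.so" ]; then
        echo "$name: userspace library $libdir/libipt_$name.so missing" >&2
        return 2
    fi

    # Kernel side: look for the module file anywhere in the module tree
    # (.o for 2.4 kernels, .ko for 2.6). A match compiled into the kernel
    # (CONFIG_IP_NF_MATCH_*=y) leaves no file, so "not found" means
    # "not built as a module"; only loading a rule proves it is absent.
    if find "$moddir" -name "ipt_$name.o" -o -name "ipt_$name.ko" 2>/dev/null | grep -q .; then
        echo "$name: userspace library and kernel module both present"
        return 0
    fi

    echo "$name: kernel module ipt_$name not found under $moddir (not built, or built in)" >&2
    return 1
}

# owner_chain_ok CHAIN
# The owner match looks at the local process that created the packet,
# so iptables 1.2.9 only accepts it in the OUTPUT chain; putting it in
# INPUT is refused by the kernel with "Invalid argument", which is the
# error quoted in the thread.
owner_chain_ok() {
    case $1 in
        OUTPUT) return 0 ;;
        *) echo "owner match is only valid in the OUTPUT chain, not $1" >&2
           return 1 ;;
    esac
}

# Usage: ./check_ipt_ext.sh owner   (or: ./check_ipt_ext.sh connlimit)
if [ "$#" -gt 0 ]; then
    check_ipt_ext "$@"
fi
```

Run it for each extension you intend to use after step 7 of the procedure above and before swapping in the patched binaries; a return code of 1 is the case Michael describes, where the .so alone is not enough.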
