Thanks, I will try it out.

Regards,
DL

--- Samuel Díaz García <samueldg@xxxxxxxxxxxx> wrote:

> The connlimit extension (the owner extension I don't know) is not included
> in the kernel sources (as you can see in netfilter.org) because they aren't
> stable "patches".
>
> I needed to do this:
>
> 1) My kernel sources (2.4.x in my case, 2.6.x in your case).
> 2) Last version of patch-o-matic sources to netfilter.
> 3) IPTABLES sources.
> 4) See readme files in patch-o-matic sources for netfilter, it will patch
>    the netfilter in kernel sources and iptables sources.
> 5) Apply the patches to kernel and iptables.
> 6) Configure your kernel with "experimental options" and compile.
> 7) Compile patched iptables.
> 8) Make a backup of your iptables binary before installing the new patched
>    iptables.
> 9) Test your new kernel and your new iptables before using them in a
>    production environment.
>
> P.S.: Sorry for my poor English.
>
> Michael Schwendt writes:
>
> > On Mon, 20 Sep 2004 17:22:50 +0900 (JST), d l wrote:
> >
> >> I am using vanilla Fedora Core 2, without configuring
> >> firewall in anaconda during initial install.
> >>
> >> Simple rules seem to work with built in modules. e.g.
> >> iptables -A INPUT -p ICMP -j DROP
> >>
> >> However when I tried to use extension modules like
> >> <connlimit> and <owner>, iptables always gives me an error.
> >>
> >> For <owner>:
> >> iptables -m owner --help
> >> .......
> >> OWNER match v1.2.9 options:
> >> [!] --uid-owner userid     Match local uid
> >> [!] --gid-owner groupid    Match local gid
> >> [!] --pid-owner processid  Match local pid
> >> [!] --sid-owner sessionid  Match local sid
> >> [!] --cmd-owner name       Match local command name
> >>
> >> # iptables -A INPUT -m owner --cmd-owner mlnet -j test
> >> iptables: Invalid argument
> >
> > It doesn't work like that. Read "man iptables" again. Why your command
> > doesn't work is explained in the OWNER extension section.
> >
> >> And similar results with <connlimit> extension.
> >>
> >> There are corresponding so files in /lib/iptables for those
> >> 2 extensions.
> >> /lib/iptables/libipt_connlimit.so
> >> /lib/iptables/libipt_owner.so
> >
> > I don't see a netfilter connlimit kernel module, so that could mean
> > it's neither built nor supported. In case the extension is included
> > in the stock Linux kernel, that might be a package bug.
> >
> > --
> > Fedora Core release 2 (Tettnang) - Linux 2.6.7-1.494.2.2
> > loadavg: 0.00 0.19 0.38
> >
> > --
> > fedora-list mailing list
> > fedora-list@xxxxxxxxxx
> > To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
>
> Samuel Díaz García
> Managing Director
> ArcosCom Wireless, S.L.L.
>
> mailto:samueldg@xxxxxxxxxxxx
> http://www.arcoscom.com
> mobile: 651 93 72 48
> phone/fax: 956 70 13 15
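
Added example, not part of the thread: a small shell check for the mismatch discussed above, where a userspace extension such as /lib/iptables/libipt_connlimit.so is installed but no matching kernel module exists. The function names, the `live` argument and the `ipt_NAME.ko` / `ipt_NAME.o` module naming (as used by 2.6 / 2.4 kernels of that period) are assumptions of this example.

```shell
#!/bin/sh
# Added example: compare iptables userspace extensions with kernel modules.
# Assumption: userspace library is libipt_NAME.so and the loadable kernel
# module is ipt_NAME.ko (2.6) or ipt_NAME.o (2.4) somewhere under MODDIR.
# A match compiled directly into the kernel has no module file and would
# be reported as kernel-missing here.

# match_status NAME LIBDIR MODDIR
# Prints one of: ok, kernel-missing, userspace-missing, absent
match_status() {
    name=$1 libdir=$2 moddir=$3
    have_lib=no have_mod=no
    [ -f "$libdir/libipt_$name.so" ] && have_lib=yes
    # Netfilter modules sit several levels down, so search the whole tree.
    if [ -d "$moddir" ] && find "$moddir" -type f \
        \( -name "ipt_$name.ko" -o -name "ipt_$name.o" \) | grep -q .; then
        have_mod=yes
    fi
    case "$have_lib/$have_mod" in
        yes/yes) echo ok ;;
        yes/no)  echo kernel-missing ;;
        no/yes)  echo userspace-missing ;;
        *)       echo absent ;;
    esac
}

# report LIBDIR MODDIR NAME...
# Prints "NAME STATUS" for each extension name given.
report() {
    r_lib=$1 r_mod=$2
    shift 2
    for n in "$@"; do
        printf '%s %s\n' "$n" "$(match_status "$n" "$r_lib" "$r_mod")"
    done
}

# Check the running system only when invoked with the argument "live".
if [ "${1:-}" = live ]; then
    report /lib/iptables "/lib/modules/$(uname -r)" connlimit owner
fi
```

A `kernel-missing` result for connlimit corresponds to the situation in the thread: the iptables binary accepts the option, but the kernel has no code to back it until it is patched and rebuilt.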