[fedora-arm] Fedora-11 Status

Kedar Sovani kedars at marvell.com
Thu Oct 22 16:25:06 UTC 2009


> -----Original Message-----
> From: Steve Grubb [mailto:sgrubb at redhat.com]
> Sent: 22 October 2009 21:39
> To: Kedar Sovani; fedora-arm at redhat.com
> Subject: Re: [fedora-arm] Fedora-11 Status
> 
> On Tuesday 06 October 2009 04:45:33 am you wrote:
> > > I was wondering if in the next kernel build if netfilter/iptables can be
> > > enabled?
> >
> > We do not disable it.
> >
> > The kernel build just picks the default fedora kernel configuration and
> > merges the arch-specific ("config-arm" in our case) exception file. This
> > file hasn't disabled iptables:
> >
> > http://cvs.fedoraproject.org/viewvc/rpms/kernel/devel/config-arm?revision=1.5
> 
> OK, I assumed it was not working because:
> 
> iptables-restore /etc/sysconfig/iptables
> FATAL: Could not load /lib/modules/2.6.30-00000-v2.6.30/modules.dep: No such file or directory
> iptables-restore v1.4.3.1: iptables-restore: unable to initialize table 'filter'
> 
> Error occurred at line: 3
> Try `iptables-restore -h' or 'iptables-restore --help' for more information.

Have you installed all the kernel modules for your kernel at install_root/lib/modules/<kernel_version>?

Maybe it does not find the kernel modules to load?


Kedar.
 

> I traced through the initscript and decided to just try iptables-restore by
> itself. The initscripts really want a loadable module. Anyways, based on your
> comment, I tried setting --modprobe=/bin/true to trick it. No luck. It
> doesn't complain about not being able to load the module anymore, but still
> fails at line 3. The firewall rules are simple:
> 
> # Firewall configuration written by system-config-firewall
> # Manual customization of this file is not recommended.
> *filter
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> -A INPUT -p icmp -j ACCEPT
> -A INPUT -i lo -j ACCEPT
> -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
> -A INPUT -j REJECT --reject-with icmp-host-prohibited
> -A FORWARD -j REJECT --reject-with icmp-host-prohibited
> COMMIT
> 
> Running strace, it dies like this:
> 
> socket(PF_INET, SOCK_RAW, IPPROTO_RAW)  = 4
> getsockopt(4, SOL_IP, 0x40 /* IP_??? */, 0xbeda7ee8, 0xbeda7ee0) = -1 ENOPROTOOPT (Protocol not available)
> close(4)                                = 0
> 
> -Steve
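
The two conditions discussed in this message can be told apart with a short check: a missing modules.dep under lib/modules/<kernel_version>, versus a running kernel with no ip_tables registered, which is what ENOPROTOOPT on getsockopt option 0x40 (IPT_SO_GET_INFO) means. This is an added example, not part of the original thread; the function name `netfilter_diag`, its arguments and its return codes are assumptions of this sketch, and it assumes legacy ip_tables, which creates /proc/net/ip_tables_names once it is built in or loaded.

```shell
#!/bin/sh
# Added example (not from the thread): classify why iptables-restore cannot
# initialize the 'filter' table. All names here are hypothetical.
#   $1 = root of the installed system ("/" or an install_root)
#   $2 = kernel version string, as printed by `uname -r`
#   $3 = proc mount to inspect (defaults to /proc)
netfilter_diag() {
    root=${1%/}; kver=$2; proc=${3:-/proc}
    moddir="$root/lib/modules/$kver"

    # Legacy ip_tables creates this file once it is built in or loaded, so the
    # IPT_SO_GET_INFO getsockopt() will have a handler and not ENOPROTOOPT.
    if [ -e "$proc/net/ip_tables_names" ]; then
        echo "ok: ip_tables is active in the running kernel"
        return 0
    fi
    # No module tree at all: modprobe has nothing to load for this kernel.
    if [ ! -d "$moddir" ]; then
        echo "missing: no module tree at $moddir"
        return 2
    fi
    # Tree present but never indexed: the "Could not load modules.dep" case.
    if [ ! -f "$moddir/modules.dep" ]; then
        echo "missing: $moddir/modules.dep (run depmod -a $kver)"
        return 3
    fi
    # A module's own entry in modules.dep is its path followed by ':'.
    if grep -Eq '(^|/)ip_tables\.ko(\.[a-z0-9]+)?:' "$moddir/modules.dep"; then
        echo "loadable: ip_tables.ko is installed; try modprobe ip_tables"
        return 4
    fi
    # Neither built in nor installed: the kernel must be rebuilt with
    # netfilter/iptables enabled, or its modules package installed.
    echo "absent: ip_tables neither active nor installed for $kver"
    return 5
}
```

On a live system this would be called as `netfilter_diag / "$(uname -r)"`; a non-zero return identifies which of the conditions above applies.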



