can't use iptables extensions
d l
popgojp at yahoo.co.jp
Mon Sep 20 14:17:18 UTC 2004
Thanks, I will try it out.
Regards,
DL
--- Message from Samuel Díaz García <samueldg at arcoscom.com>:
> The connlimit extension (the owner extension I don't know) is not
> included in the kernel sources (as you can see on netfilter.org)
> because they aren't stable "patches".
>
> I needed to do this:
>
> 1) My kernel sources (2.4.x in my case, 2.6.x in your case).
> 2) Latest version of the patch-o-matic sources for netfilter.
> 3) IPTABLES sources.
> 4) See the readme files in the patch-o-matic sources for netfilter;
> it will patch the netfilter in the kernel sources and the iptables
> sources.
> 5) Apply the patches to the kernel and iptables.
> 6) Configure your kernel with "experimental options" and compile.
> 7) Compile the patched iptables.
> 8) Make a backup of your iptables binary before installing the new
> patched iptables.
> 9) Test your new kernel and your new iptables before using them in a
> production environment.
>
> P.D.: Sorry for my poor English.
>
> Michael Schwendt writes:
>
> > On Mon, 20 Sep 2004 17:22:50 +0900 (JST), d l wrote:
> >
> >> I am using vanilla Fedora Core 2, without configuring
> >> firewall in anaconda during initial install.
> >>
> >> Simple rules seem to work with built in modules. e.g.
> >> iptables -A INPUT -p ICMP -j DROP
> >>
> >> However when I tried to use extension modules like
> >> <connlimit> and <owner>, iptables always gives me an error.
> >>
> >> For <owner>:
> >> iptables -m owner --help
> >> .......
> >> OWNER match v1.2.9 options:
> >> [!] --uid-owner userid Match local uid
> >> [!] --gid-owner groupid Match local gid
> >> [!] --pid-owner processid Match local pid
> >> [!] --sid-owner sessionid Match local sid
> >> [!] --cmd-owner name Match local command name
> >>
> >> # iptables -A INPUT -m owner --cmd-owner mlnet -j test
> >> iptables: Invalid argument
> >
> > It doesn't work like that. Read "man iptables" again. Why your
> > command doesn't work is explained in the OWNER extension section.
> >
> >> And similar results with <connlimit> extension.
> >>
> >> There are corresponding .so files in /lib/iptables for those
> >> 2 extensions.
> >> /lib/iptables/libipt_connlimit.so
> >> /lib/iptables/libipt_owner.so
> >
> > I don't see a netfilter connlimit kernel module, so that could mean
> > it's neither built nor supported. In case the extension is included
> > in the stock Linux kernel, that might be a package bug.
> >
> > --
> > Fedora Core release 2 (Tettnang) - Linux 2.6.7-1.494.2.2
> > loadavg: 0.00 0.19 0.38
> >
> >
> > --
> > fedora-list mailing list
> > fedora-list at redhat.com
> > To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
>
>
> Samuel Díaz García
> Managing Director
> ArcosCom Wireless, S.L.L.
>
> mailto:samueldg at arcoscom.com
> http://www.arcoscom.com
> mobile: 651 93 72 48
> tel/fax: 956 70 13 15
>
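The thread never spells out why the owner rule fails, so here is an added example (not code from any of the posters) that encodes the check a practitioner would want before applying such rules. It assumes the classic netfilter semantics of the two matches discussed: the owner match looks at the local socket that generated a packet, so it is only valid in the OUTPUT and POSTROUTING chains and a rule in INPUT is rejected by the kernel with "Invalid argument"; connlimit caps the number of concurrent connections a source (or a source prefix given by --connlimit-mask) may hold and is normally used in INPUT to blunt connection floods. The helper names, the sshd port and the limits are my own choices; also note that --pid-owner, --sid-owner and --cmd-owner were later dropped from the kernel, so on current systems only --uid-owner and --gid-owner remain usable.

```shell
#!/bin/sh
# Added example, not from the thread. Builds and validates iptables
# rules for the owner and connlimit matches; nothing touches the running
# firewall unless apply_rule is invoked with DRY_RUN=0 (and as root).

# owner_rule CHAIN OPTION VALUE TARGET -> prints the iptables command,
# returns 1 when the chain or option cannot work with the owner match.
# The owner match needs a local sender, hence OUTPUT/POSTROUTING only.
owner_rule() {
    chain=$1; opt=$2; value=$3; target=$4
    case "$chain" in
        OUTPUT|POSTROUTING) ;;
        *) echo "owner match needs OUTPUT or POSTROUTING, not $chain" >&2
           return 1 ;;
    esac
    case "$opt" in
        --uid-owner|--gid-owner|--pid-owner|--sid-owner|--cmd-owner) ;;
        *) echo "unknown owner option: $opt" >&2; return 1 ;;
    esac
    echo "iptables -A $chain -m owner $opt $value -j $target"
}

# connlimit_rule PORT MAX MASKBITS -> prints a rule that rejects new TCP
# connections to PORT once a source (aggregated over MASKBITS) holds MAX.
connlimit_rule() {
    port=$1; max=$2; mask=$3
    # the mask is an IPv4 prefix length: digits only, at most 32
    case "$mask" in
        ''|*[!0-9]*) echo "mask must be a prefix length (0-32)" >&2; return 1 ;;
    esac
    [ "$mask" -le 32 ] || { echo "mask must be a prefix length (0-32)" >&2; return 1; }
    echo "iptables -A INPUT -p tcp --syn --dport $port -m connlimit --connlimit-above $max --connlimit-mask $mask -j REJECT"
}

# apply_rule BUILDER ARGS... -> builds the rule with the named helper and
# either prints it (DRY_RUN=1, the default) or executes it.
apply_rule() {
    builder=$1; shift
    cmd=$("$builder" "$@") || return 1
    if [ "${DRY_RUN:-1}" = 1 ]; then
        echo "DRY_RUN: $cmd"
    else
        $cmd
    fi
}

# Demonstration (dry run, enabled with DEMO=1): the rule from the thread
# is refused because it sits in INPUT; the OUTPUT variant and a
# per-source cap of 5 new connections to sshd are printed.
if [ "${DEMO:-0}" = 1 ]; then
    apply_rule owner_rule INPUT --cmd-owner mlnet DROP || echo "refused as expected"
    apply_rule owner_rule OUTPUT --cmd-owner mlnet DROP
    apply_rule connlimit_rule 22 5 32
fi
```

Run it with `DEMO=1 sh owner-check.sh` to see the dry-run output; with `DRY_RUN=0` the generated commands are executed, so do that only on a box where you have already confirmed that the corresponding kernel modules (ipt_owner, ipt_connlimit) are present, which is the other half of the diagnosis Michael Schwendt gives above.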