failed to configure iptables with 2.6.16 kernel
Harald Welte
laforge at netfilter.org
Tue Mar 28 10:09:26 CEST 2006
On Tue, Mar 28, 2006 at 04:00:33AM +0000, Hubert Tonneau wrote:
> When upgrading from 2.6.15 to 2.6.16 I noticed iptables not working anymore.
>
> I traced the problem down to a new 'CONFIG_NETFILTER_XTABLES' compile option
> that must be set, but I still get some rules rejected as soon as
> '--destination-port' option is used.
>
> As an example, the following command:
> iptables -A eth0in -p udp --destination-port 111 -j DROP

This sounds like you're missing support for the tcp/udp match.
This functionality is implemented in xt_tcpudp.{c,ko}, which is compiled
as soon as x_tables is compiled.

What does 'cat /proc/net/ip_tables_matches' show before and after executing
your iptables command, and before/after manually executing 'modprobe
xt_tcpudp'?

Also, what is your iptables program version?

Please follow-up-to netfilter at lists.netfilter.org, but keep me in Cc.

--
- Harald Welte <laforge at netfilter.org> http://netfilter.org/
============================================================================
"Fragmentation is like classful addressing -- an interesting early
architectural error that shows how much experimentation was going
on while IP was being designed." -- Paul Vixie
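
The check requested in the message above, written as a small script; this is an added example, not part of the original mail and not netfilter project code. The function names are hypothetical, and the kernel config lines and match listings are constructed samples so the script runs offline.

```shell
#!/bin/sh
# Print how a kernel option is set in .config text on stdin: y, m or unset.
config_state() {   # $1 = option name, e.g. CONFIG_NETFILTER_XTABLES
    awk -v opt="$1" -F= '
        $1 == opt { state = $2 }
        END { if (state == "") state = "unset"; print state }'
}

# Succeed if match name $1 is a whole line of the listing on stdin
# (the format of /proc/net/ip_tables_matches: one match name per line).
match_registered() {
    grep -qxF -- "$1"
}

# Combine both facts into one finding.
# $1 = .config text, $2 = match listing, $3 = match name (tcp or udp)
diagnose() {
    state=$(printf '%s\n' "$1" | config_state CONFIG_NETFILTER_XTABLES)
    if [ "$state" = unset ]; then
        echo "missing: enable CONFIG_NETFILTER_XTABLES"
    elif printf '%s\n' "$2" | match_registered "$3"; then
        echo "ok: $3 match registered"
    elif [ "$state" = m ]; then
        echo "not loaded: try modprobe xt_tcpudp"
    else
        echo "built in but $3 not registered"
    fi
}

# Constructed sample inputs (not taken from the reporter's machine).
SAMPLE_CONFIG_UNSET='# CONFIG_NETFILTER_XTABLES is not set'
SAMPLE_CONFIG_MODULAR='CONFIG_NETFILTER_XTABLES=m'
SAMPLE_MATCHES_BEFORE='icmp'
SAMPLE_MATCHES_AFTER='icmp
udp
tcp'

diagnose "$SAMPLE_CONFIG_UNSET"   "$SAMPLE_MATCHES_BEFORE" udp
diagnose "$SAMPLE_CONFIG_MODULAR" "$SAMPLE_MATCHES_BEFORE" udp
diagnose "$SAMPLE_CONFIG_MODULAR" "$SAMPLE_MATCHES_AFTER"  udp
```

On a live system the second argument would be "$(cat /proc/net/ip_tables_matches)" and the first the text of the running kernel's .config, wherever that is kept on the machine.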