can't use iptables extensions

Michael Schwendt fedora at wir-sind-cool.org
Mon Sep 20 09:28:33 UTC 2004


On Mon, 20 Sep 2004 17:22:50 +0900 (JST), d l wrote:

> I am using vanilla Fedora Core 2, without configuring
> firewall in anaconda during initial install.
> 
> Simple rules seem to work with built-in modules, e.g.
> iptables -A INPUT -p ICMP -j DROP
> 
> However when I tried to use extension modules like
> <connlimit> and <owner>, iptables always gives me error.
> 
> For <owner>:
> iptables -m owner --help
> .......
> OWNER match v1.2.9 options:
> [!] --uid-owner userid     Match local uid
> [!] --gid-owner groupid    Match local gid
> [!] --pid-owner processid  Match local pid
> [!] --sid-owner sessionid  Match local sid
> [!] --cmd-owner name       Match local command name
> 
> # iptables -A INPUT -m owner --cmd-owner mlnet -j test
> iptables: Invalid argument

It doesn't work like that. Read "man iptables" again. Why your command
doesn't work is explained in the OWNER extension section.

> And similar results with <connlimit> extension.
> 
> There are corresponding .so files in /lib/iptables for those
> 2 extensions.
> /lib/iptables/libipt_connlimit.so
> /lib/iptables/libipt_owner.so

I don't see a netfilter connlimit kernel module, so that could mean
it's neither built nor supported. In case the extension is included
in the stock Linux kernel, that might be a package bug.
 
-- 
Fedora Core release 2 (Tettnang) - Linux 2.6.7-1.494.2.2
loadavg: 0.00 0.19 0.38
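A small pre-flight check for the mistake discussed in this thread, added here as an example; it is not from the original post or from iptables itself. It assumes the iptables 1.2.9 rule that the owner match is only valid in the OUTPUT chain (it inspects the local process that generated the packet), and that a non-built-in target such as "test" must be an existing user-defined chain.

```shell
#!/bin/sh
# check_owner_rule: inspect an iptables command line (passed as arguments)
# before running it and report the problems that produce the errors seen
# in the thread. Prints "ok" if nothing is wrong, a reason otherwise.
# Assumption: owner match valid only in OUTPUT (iptables 1.2.9 man page);
# newer xt_owner also accepts POSTROUTING, which this check does not cover.
check_owner_rule() {
    chain=""
    uses_owner=0
    target=""
    while [ $# -gt 0 ]; do
        case "$1" in
            -A|-I|--append|--insert) chain="$2"; shift ;;
            -m|--match)
                if [ "$2" = "owner" ]; then uses_owner=1; fi
                shift ;;
            -j|--jump) target="$2"; shift ;;
        esac
        shift
    done
    if [ "$uses_owner" -eq 1 ] && [ "$chain" != "OUTPUT" ]; then
        # The kernel's owner match refuses any other hook, so iptables
        # reports "Invalid argument" for rules placed in INPUT/FORWARD.
        echo "owner match is only valid in the OUTPUT chain, not $chain"
        return 1
    fi
    case "$target" in
        ACCEPT|DROP|REJECT|LOG|RETURN|QUEUE) ;;
        "") echo "no target given (-j)"; return 1 ;;
        *)
            # Not a built-in target: it must name an existing user chain,
            # otherwise iptables fails to load it as a target module.
            echo "target $target must be an existing user-defined chain"
            return 1 ;;
    esac
    echo ok
}

# Constructed sample usage: the rule from the thread, then a corrected one
# that confines traffic generated by a named local command.
check_owner_rule -A INPUT -m owner --cmd-owner mlnet -j test
check_owner_rule -A OUTPUT -m owner --cmd-owner mlnet -j DROP
```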