tgriffiths n00b
Joined: 06 Jan 2005 Posts: 7 Location: Melbourne, Australia
Posted: Mon Jan 17, 2005 10:15 pm Post subject: iptables and 2.6.10 kernel
Trying to get iptables-1.2.11-r3 to emerge using the newly compiled hardened-dev-sources 2.6.10 kernel. I would like it to use the extensions like hashlimit, as this is a mail machine and this extension looks to be very handy to stop other machines from flooding the server. It won't compile, though.
I have even tried a daily snapshot from the netfilter site and it returns the same errors. If I remove the /usr/src/linux symlink or disable "extensions" then it compiles.
Code:
emerge -av iptables
<snip>
net-firewall/iptables-1.2.11-r3 -debug +extensions* -ipv6 -static 0 kB
<snip>
Extensions found: IPv4:CLUSTERIP IPv4:addrtype IPv4:recent IPv6:ah IPv6:esp IPv6:frag IPv6:ipv6header IPv6:hbh IPv6:dst IPv6:rt
cc -march=athlon-xp -O3 -pipe -fomit-frame-pointer -fno-stack-protector -Wall -Wunused -I/usr/src/linux/include -Iinclude/ -DIPTABLES_VERSION=\"1.2.11\" -D_UNKNOWN_KERNEL_POINTER_SIZE -fPIC -o extensions/libipt_stealth_sh.o -c extensions/libipt_stealth.c
In file included from /usr/src/linux/include/linux/netdevice.h:28,
from /usr/src/linux/include/linux/netfilter_ipv4.h:10,
from /usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:26,
from include/libiptc/libiptc.h:6,
from include/iptables.h:5,
from extensions/libipt_stealth.c:10:
<snip>
make: *** [extensions/libipt_stealth_sh.o] Error 1
The most interesting thing is, I have disabled ipv6 in this kernel and in the USE flags, but it is still trying to compile the extensions for ipv6. Should I just enable ipv6 in the kernel?
tgriffiths n00b
Joined: 06 Jan 2005 Posts: 7 Location: Melbourne, Australia
Posted: Mon Jan 17, 2005 11:08 pm Post subject:
After compiling ipv6 support into the kernel and enabling all the iptables ipv6 stuff, it still won't compile. Thoughts, anyone? Any more information I need to give?
Code:
System uname: 2.6.10-hardened-r1 i686 AMD Athlon(tm) XP 2400+
Gentoo Base System version 1.4.16
distcc 2.16 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]
ccache version 2.3 [enabled]
Autoconf: sys-devel/autoconf-2.59-r5
Automake: sys-devel/automake-1.8.5-r1
Binutils: sys-devel/binutils-2.15.92.0.2-r1
Headers: sys-kernel/linux-headers-2.4.21-r1
Libtools: sys-devel/libtool-1.5.2-r7
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-march=athlon-xp -O3 -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
COMPILER=""
CONFIG_PROTECT="/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/config /usr/kde/3.3/env /usr/kde/3.3/share/config /usr/kde/3.3/shutdown /usr/kde/3/share/config /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-march=athlon-xp -O3 -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs autoconfig ccache distlocks sandbox sfperms"
GENTOO_MIRRORS="ftp://mirror.pacific.net.au/linux/Gentoo"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY=""
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X alsa apache2 apm arts avi berkdb bitmap-fonts crypt cups encode f77 fam font-server foomaticdb fortran freetds gdbm gif gpm gtk2 imap imlib jpeg kde ldap libg++ libwww mad mbox mikmod milter motif mpeg mysql ncurses nls oggvorbis opengl oss pam pdflib perl png postgres python qt quicktime readline samba sasl sdl spell ssl svga tcpd tiff truetype truetype-fonts type1-fonts x86 xml2 xmms xv zlib"
tgriffiths n00b
Joined: 06 Jan 2005 Posts: 7 Location: Melbourne, Australia
Posted: Mon Jan 17, 2005 11:34 pm Post subject:
I'm going to answer my own question. I think I've got it sorted.
iptables 1.2.11 doesn't even have hashlimit support, so what I have been doing was a waste of time. Compiling an iptables 1.3 snapshot from netfilter.org with KERNEL_DIR=/usr gives me hashlimit support, but this is way outside portage and I'd rather not go there.
So I guess I'll have to wait until a stable version of iptables 1.3 is released before it can actually use the new module code in the kernel.