Gentoo Archives: gentoo-user

From: Mark Shields <laebshade@×××××.com>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] iptables will not load rule after kernel upgrade (2.6.19-r5 -> 2.6.20-r6)
Date: Sat, 21 Apr 2007 18:40:38
Message-Id: 642958cc0704211134ne758483yd2d1b51571b487a@mail.gmail.com
In Reply to: Re: [gentoo-user] iptables will not load rule after kernel upgrade (2.6.19-r5 -> 2.6.20-r6) by Dan Johansson
On 4/21/07, Dan Johansson <Dan.Johansson@×××.nu> wrote:
>
> On Saturday 21 April 2007 15:53, Uwe Thiem wrote:
> > On 21 April 2007, Dan Johansson wrote:
> > > After upgrading gentoo-sources to 2.6.20-r6 from 2.6.19-r5 today my
> > > firewall won't start (shorewall).
> > >
> > > Here's the error:
> > > iptables: Invalid argument
> > > ERROR: Command "/sbin/iptables -A FORWARD -m state --state
> > > ESTABLISHED,RELATED -j ACCEPT" Failed
> > >
> > > I'm getting the same error message when I try it by hand.
> >
> > When you generated the kernel, did you build all modules necessary? In
> > this particular case, ipt_state?
> If you mean CONFIG_NETFILTER_XT_MATCH_STATE=y then yes, it's compiled in
> (not a module). You know of any other part that NEEDS to be activated
> other than the following?
>
> CONFIG_NETFILTER=y
> CONFIG_NF_CONNTRACK_ENABLED=y
> CONFIG_NF_CONNTRACK_SUPPORT=y
> CONFIG_NF_CONNTRACK=y
> CONFIG_NETFILTER_XTABLES=y
> CONFIG_NETFILTER_XT_MATCH_LIMIT=y
> CONFIG_NETFILTER_XT_MATCH_STATE=y
> CONFIG_IP_NF_QUEUE=y
> CONFIG_IP_NF_IPTABLES=y
> CONFIG_IP_NF_FILTER=y
> CONFIG_IP_NF_TARGET_REJECT=y
> CONFIG_IP_NF_TARGET_LOG=y
> CONFIG_IP_NF_MANGLE=y
>
>
> --
> Dan Johansson, <http://www.dmj.nu>
> ***************************************************
> This message is printed on 100% recycled electrons!
> ***************************************************
>
>
You found your problem, then. When you use iptables -m state, it loads the
state module. Since it's not compiled as a module, it won't load. Either
change it to module in the kernel or remove the -m state (I think I tried
once compiling into the kernel and dropping the -m state, but it didn't
work).

--
- Mark Shields
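
The thread turns on whether each netfilter option is built in (=y), built as a module (=m), or not set. As an added example that is not part of either message, this shell helper classifies some of the options quoted above from a kernel .config file; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: report how netfilter options are set in a kernel .config.
# Option names come from the thread; everything else here is hypothetical.

NF_OPTIONS="CONFIG_NETFILTER CONFIG_NF_CONNTRACK_ENABLED CONFIG_NF_CONNTRACK
CONFIG_NETFILTER_XTABLES CONFIG_NETFILTER_XT_MATCH_STATE CONFIG_IP_NF_IPTABLES
CONFIG_IP_NF_FILTER"

# kconfig_state FILE OPTION -> prints builtin | module | unset | absent
kconfig_state() {
    awk -v opt="$2" '
        # kconfig writes disabled options as a comment line
        $0 == ("# " opt " is not set") { s = "unset" }
        # exact "OPTION=" prefix, so CONFIG_NF_CONNTRACK does not
        # match CONFIG_NF_CONNTRACK_ENABLED
        index($0, (opt "=")) == 1 {
            v = substr($0, length(opt) + 2)
            s = (v == "y") ? "builtin" : ((v == "m") ? "module" : ("value:" v))
        }
        END { print (s == "" ? "absent" : s) }
    ' "$1"
}

# kconfig_report FILE -> one "OPTION state" line per option in NF_OPTIONS
kconfig_report() {
    for opt in $NF_OPTIONS; do
        printf '%s %s\n' "$opt" "$(kconfig_state "$1" "$opt")"
    done
}

# Constructed sample config (not the configuration from the thread).
write_sample_config() {
    cat > "$1" <<'EOF'
CONFIG_NETFILTER=y
CONFIG_NF_CONNTRACK_ENABLED=m
CONFIG_NF_CONNTRACK=m
CONFIG_NETFILTER_XTABLES=y
CONFIG_NETFILTER_XT_MATCH_STATE=m
# CONFIG_IP_NF_FILTER is not set
EOF
}

# Demo on the sample; on a real host pass the kernel tree's .config instead.
sample=$(mktemp)
write_sample_config "$sample"
kconfig_report "$sample"
rm -f "$sample"
```

An option reported as "absent" does not appear in the file at all, which after a kernel upgrade usually means the symbol was renamed or its dependencies are not enabled in the new tree.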
