On 4/21/07, Dan Johansson <Dan.Johansson@×××.nu> wrote:
>
> On Saturday 21 April 2007 15:53, Uwe Thiem wrote:
> > On 21 April 2007, Dan Johansson wrote:
> > > After upgrading gentoo-sources to 2.6.20-r6 from 2.6.19-r5 today my
> > > firewall won't start (shorewall).
> > >
> > > Here's the error:
> > > iptables: Invalid argument
> > > ERROR: Command "/sbin/iptables -A FORWARD -m state --state
> > > ESTABLISHED,RELATED -j ACCEPT" Failed
> > >
> > > I'm getting the same error message when I try it by hand.
> >
> > When you generated the kernel, did you build all modules necessary? In this
> > particular case, ipt_state?
> If you mean CONFIG_NETFILTER_XT_MATCH_STATE=y then yes it's compiled in (not a
> module). You know of any other part that NEEDS to be activated other than the
> following?
>
> CONFIG_NETFILTER=y
> CONFIG_NF_CONNTRACK_ENABLED=y
> CONFIG_NF_CONNTRACK_SUPPORT=y
> CONFIG_NF_CONNTRACK=y
> CONFIG_NETFILTER_XTABLES=y
> CONFIG_NETFILTER_XT_MATCH_LIMIT=y
> CONFIG_NETFILTER_XT_MATCH_STATE=y
> CONFIG_IP_NF_QUEUE=y
> CONFIG_IP_NF_IPTABLES=y
> CONFIG_IP_NF_FILTER=y
> CONFIG_IP_NF_TARGET_REJECT=y
> CONFIG_IP_NF_TARGET_LOG=y
> CONFIG_IP_NF_MANGLE=y
>
>
> --
> Dan Johansson, <http://www.dmj.nu>
> ***************************************************
> This message is printed on 100% recycled electrons!
> ***************************************************
>
>
You found your problem, then. When you use iptables -m state, it loads the
state module. Since it's not compiled as a module, it won't load. Either
change it to module in the kernel or remove the -m state (I think I tried
once compiling into the kernel and dropping the -m state, but it didn't
work).

--
- Mark Shields