Gentoo Archives: gentoo-user

From: Benno Schulenberg <benno.schulenberg@×××××.com>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] Useless error messages from iptables-restore
Date: Wed, 02 May 2007 08:49:27
Message-Id: 200705021043.44928.benno.schulenberg@gmail.com
In Reply to: Re: [gentoo-user] Useless error messages from iptables-restore by waltdnes@waltdnes.org
waltdnes@××××××××.org wrote:
> The final remaining problem is with the 3 statements scattered
> through the rules...
>
> -A ICMP_IN -p icmp -m state --state NEW -j UNSOLICITED
> -A TCP_IN -p tcp -m state --state NEW -m tcp -j UNSOLICITED
> -A UDP_IN -p udp -m state --state NEW -j UNSOLICITED

The "-m tcp" is a typo, yes?

The setting you might be missing is CONFIG_NF_CONNTRACK_IPV4=y.
Grep through your .config and compare:

# grep ^CONF /usr/src/linux/.config | grep -e _NF -e NETFILTER
CONFIG_NETFILTER=y
CONFIG_NETFILTER_DEBUG=y
CONFIG_NF_CONNTRACK_ENABLED=y
CONFIG_NF_CONNTRACK_SUPPORT=y
CONFIG_NF_CONNTRACK=y
CONFIG_NETFILTER_XTABLES=y
CONFIG_NETFILTER_XT_TARGET_NFLOG=y
CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y
CONFIG_NETFILTER_XT_MATCH_STATE=y
CONFIG_NF_CONNTRACK_IPV4=y
CONFIG_NF_CONNTRACK_PROC_COMPAT=y
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_FILTER=y
CONFIG_IP_NF_TARGET_LOG=y
CONFIG_NF_NAT=y
CONFIG_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=y

Benno
--
gentoo-user@g.o mailing list
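
Added example, not part of the original message or the thread: a shell sketch of the "grep and compare" step that reports which options from the reference list above a given .config does not build in. The function names and the sample .config are constructed for illustration; the option names are the ones listed in the message.

```shell
# Reference list: the options shown in the message above (2007-era names).
REFERENCE_OPTS="CONFIG_NETFILTER CONFIG_NETFILTER_DEBUG CONFIG_NF_CONNTRACK_ENABLED
CONFIG_NF_CONNTRACK_SUPPORT CONFIG_NF_CONNTRACK CONFIG_NETFILTER_XTABLES
CONFIG_NETFILTER_XT_TARGET_NFLOG CONFIG_NETFILTER_XT_MATCH_MULTIPORT
CONFIG_NETFILTER_XT_MATCH_STATE CONFIG_NF_CONNTRACK_IPV4
CONFIG_NF_CONNTRACK_PROC_COMPAT CONFIG_IP_NF_IPTABLES CONFIG_IP_NF_FILTER
CONFIG_IP_NF_TARGET_LOG CONFIG_NF_NAT CONFIG_NF_NAT_NEEDED
CONFIG_IP_NF_TARGET_MASQUERADE"

# diff_netfilter_config FILE (hypothetical helper name)
# Prints one line per reference option that FILE does not set to "y":
#   "<opt> module"  built as a module (=m), so it must be loaded before use
#   "<opt> unset"   explicitly disabled ("# <opt> is not set")
#   "<opt> absent"  not mentioned at all
diff_netfilter_config() {
    cfg=$1
    for opt in $REFERENCE_OPTS; do
        # Anchored match, so CONFIG_NF_CONNTRACK does not match ..._IPV4.
        grep -q "^${opt}=y\$" "$cfg" && continue
        if grep -q "^${opt}=m\$" "$cfg"; then
            echo "$opt module"
        elif grep -q "^# ${opt} is not set\$" "$cfg"; then
            echo "$opt unset"
        else
            echo "$opt absent"
        fi
    done
}

# Constructed sample .config (not from the thread): IPv4 conntrack is
# disabled and the state match is a module; everything else is built in.
write_sample_config() {
    for opt in $REFERENCE_OPTS; do
        case $opt in
            CONFIG_NF_CONNTRACK_IPV4) echo "# $opt is not set" ;;
            CONFIG_NETFILTER_XT_MATCH_STATE) echo "$opt=m" ;;
            *) echo "$opt=y" ;;
        esac
    done
}

# Demo: check the file given as $1, or the constructed sample if none.
if [ $# -gt 0 ]; then
    diff_netfilter_config "$1"
else
    tmp=$(mktemp) && write_sample_config > "$tmp"
    diff_netfilter_config "$tmp"
    rm -f "$tmp"
fi
```

Run it as `sh script.sh /usr/src/linux/.config`; no output means every option in the reference list is built in.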