| 1 |
On Fri, Aug 5, 2011 at 9:11 AM, Pandu Poluan <pandu@××××××.info> wrote: |
| 2 |
> I'm having troubles with net-firewall/xtables-addons-1.3.7 |
| 3 |
> |
| 4 |
> emerge is successful, but all attempts to create an IP set (e.g., |
| 5 |
> `ipset --create test hash:ip`) resulted in the following error |
| 6 |
> message: |
| 7 |
> |
| 8 |
> FATAL: Error inserting ip_set |
| 9 |
> (/lib/modules/2.6.39-hardened-r8PANS_GW_BN_02/xtables_addons/ip_set.ko): |
| 10 |
> Invalid module format |
| 11 |
> |
| 12 |
> `insmod` begat an additional information: |
| 13 |
> |
| 14 |
> insmod: error inserting |
| 15 |
> '/lib/modules/2.6.39-hardened-r8PANS_GW_BN_02/xtables_addons/ip_set.ko': |
| 16 |
> -1 Invalid module format |
| 17 |
> |
| 18 |
> `dmesg | tail -1` gave a worrying error: |
| 19 |
> |
| 20 |
> [ 4085.271442] ip_set: exports duplicate symbol ip_set_nfnl_put (owned |
| 21 |
> by kernel) |
| 22 |
> |
| 23 |
> What should I do? |
| 24 |
|
| 25 |
I don't know much about xtables, but ISTR it's a fork (or supplement?) |
| 26 |
to iptables. |
| 27 |
|
| 28 |
That sounds like a symbol conflict, such as if you were to try to |
| 29 |
insert a module into a kernel, where the kernel already had the code |
| 30 |
built-in. |
| 31 |
|
| 32 |
Check your kernel configuration and ensure that all of the iptables |
| 33 |
stuff is built as modules, rather than built-in. Then (I suspect) it |
| 34 |
should be a matter of figuring out which module conflicts. |
| 35 |
|
| 36 |
-- |
| 37 |
:wq |
Archives