SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I shouldn't have to do that. I just tried it for fun and still got the same error. This is one of the lines that I have in my rc.firewall script. This line was working just fine until I upgraded the kernel.
The problem is the combination of the newer kernel and the ancient version of iptables running on the system. Slack 11 (obviously) comes with v1.3.5 of the iptables userspace software. Use v1.3.6 or greater. From the netfilter.org site:
iptables v1.3.7 was released December of 2006 but it may not compile properly for you. If that is the case, get one of the latest snapshot releases: ftp://ftp.netfilter.org/pub/iptables/snapshot/
OK downloaded, compiled, and installed 3.7. Now when I enter the same command
Code:
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
I get
iptables: No chain/target/match by that name
After RTFM pages I saw that there are 2 new options that aparently extend what I have above they are conntrack and --ctstate I tried those and I get the same error message. So now my line looks like
Code:
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
You're missing support for some iptables stuff in your kernel config. Enable everything iptables related as modules [1][2] and it will work.
[1] No, it's not a security risk. If it's not being used, the module won't be loaded.
[2] No, it's not strictly necessary to have *everything* enabled, but if you knew what was and wasn't needed, you wouldn't be here, would you?
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.