LinuxQuestions.org


joke_dst 10-25-2007 06:14 AM

iptables error - kernel configuration wrong??
 
Hello.

I've recently upgraded my kernel from 2.6.14 to 2.6.19 and now iptables doesn't work anymore. I get this error message:

# iptables -A bad_tcp_packets -p tcp --tcp-flags SYN,ACK SYN,ACK -m state --state NEW -j DROP
iptables v1.3.6: Couldn't find match `state'

I've looked through the kernel configuration, and it seems I have to activate NETFILTER_XT_MATCH_STATE, which seems to replace IP_NF_TARGET_CLASSIFY (which no longer exists). However, when I do this, it still doesn't work.

In fact, nothing I activate under the new "Core Netfilter configuration" folder in the kernel configuration (like "netfilter netlink" and xtables support) seems to affect the iptables command.

Does anyone have any ideas? Am I even on the right track?

Tinkster 10-26-2007 03:18 PM

Hi,

And welcome to LQ!

To help us in assessing the issue please tell us which distro
you're using, and how you went about that kernel update (e.g.
is it from the distro's repository, did you compile a stock kernel
from source, if so, what were the steps taken... )



Cheers,
Tink

joke_dst 10-30-2007 03:24 AM

Hi, and thanks!

I'm using a snapgear distro for integrated systems (www.snapgear.org). They release their own patched versions of the kernel, so I can't for example switch to the latest version without a lot of work...

Anyway, when doing a "make menuconfig" (or xconfig) the IP_NF_TARGET_CLASSIFY option no longer exists. Is this not the case in the mainline kernel?

Some of the options previously in the "IP: Netfilter configuration" part of the kernel configuration are now under "Core Netfilter configuration", but activating them does not affect the behavior of iptables.

Is there something I have to activate? I'm using the version of iptables that came with the distro (1.3.6), so I'd assume it'd be the right one for using the "Core Netfilter configuration"-parts instead, but it doesn't seem to work.


Thanks in advance for any help you can give me.
Jocke

Tinkster 10-30-2007 03:42 AM

Sorry, but with the cyberguard's modified kernel I think you
should be asking their support rather than the community; not
because I don't want to help but simply because I don't know
and don't have any access to it.

Maybe someone else has the same device/kernel and can offer
advice, I'll add tags to your post and suggest that you rename
it and add a reference to the device in the subject, too.



Cheers,
Tink
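
An added example, not part of any post in this thread: a shell check that reads a kernel .config and reports how the options behind the `-m state` match are set. Only NETFILTER_XT_MATCH_STATE is named in the thread; the prerequisite option names (NETFILTER_XTABLES, NF_CONNTRACK, IP_NF_CONNTRACK) are an assumption based on the mainline 2.6.19 Kconfig and may differ in a vendor-patched tree, and the sample .config is constructed.

```shell
# Added example: report how the kernel options behind "-m state" are set.
# Prerequisite names are assumed from the mainline 2.6.19 Kconfig.

# Print y, m or n for CONFIG_<name> in a kernel .config file.
kconfig_value() {
    val=$(sed -n "s/^CONFIG_$2=\([ym]\)\$/\1/p" "$1" | tail -n 1)
    echo "${val:-n}"
}

# Return 0 only if the state match and its assumed prerequisites are enabled.
check_state_match() {
    rc=0
    xt=$(kconfig_value "$1" NETFILTER_XTABLES)
    st=$(kconfig_value "$1" NETFILTER_XT_MATCH_STATE)
    ct_new=$(kconfig_value "$1" NF_CONNTRACK)
    ct_old=$(kconfig_value "$1" IP_NF_CONNTRACK)
    echo "NETFILTER_XTABLES=$xt NETFILTER_XT_MATCH_STATE=$st"
    echo "NF_CONNTRACK=$ct_new IP_NF_CONNTRACK=$ct_old"
    [ "$xt" != n ] || { echo "missing: xtables core"; rc=1; }
    [ "$st" != n ] || { echo "missing: state match"; rc=1; }
    if [ "$ct_new" = n ] && [ "$ct_old" = n ]; then
        echo "missing: connection tracking"; rc=1
    fi
    [ "$st" != m ] || echo "note: state match is a module; install it for the running kernel"
    return "$rc"
}

# Constructed sample .config fragment (not taken from the thread).
sample_config() {
    cat <<'EOF'
CONFIG_NETFILTER=y
CONFIG_NETFILTER_XTABLES=y
CONFIG_IP_NF_CONNTRACK=y
# CONFIG_NF_CONNTRACK is not set
# CONFIG_NETFILTER_XT_MATCH_STATE is not set
EOF
}

# Run the check against the constructed sample; returns the check's status.
demo() {
    tmp=$(mktemp) || return 2
    sample_config > "$tmp"
    rc=0
    check_state_match "$tmp" || rc=$?
    rm -f "$tmp"
    return "$rc"
}

demo || true
```

Point `check_state_match` at the .config the running kernel was actually built from. It covers the kernel side only and does not check the iptables userspace extension for the match.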

