LinuxQuestions.org
Old 06-29-2009, 12:33 PM   #1
skiron.liu
Member
 
Registered: Jun 2009
Location: Harbin
Posts: 32

Rep: Reputation: 0
About iptables with u32 module


I have installed iptables v1.4.4 from source, but I can't use the u32 match.
Below is my environment:
CentOS 5.2, kernel 2.6.18-92
iptables v1.4.4 installed in /opt/iptables-1.4.4
(I have linked /opt/iptables-1.4.4/sbin/iptables to /sbin/iptables)
When I type:
[root@localhost]#iptables -t mangle -I PREROUTING -p udp ! -f -m u32 --u32 "0>>22&0x3c@8>>24&0xff=0x02" -j DROP
iptables: No chain/target/match by that name.
I can use the above command in Ubuntu 8.1 without any problem. (It matches the QQ program's UDP packets.)

(PS: Sorry for my poor English, because English is not my mother language. I hope everyone can understand my meaning.)
 
Old 06-29-2009, 08:44 PM   #2
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 7.7 (?), Centos 8.1
Posts: 17,849

Rep: Reputation: 2584
Probably the easiest option is

man iptables

to see if that option exists.
 
Old 06-29-2009, 09:12 PM   #3
david1941
Member
 
Registered: May 2005
Location: St. Louis, MO
Distribution: CentOS7
Posts: 267

Rep: Reputation: 58
I have found http://iptables-tutorial.frozentux.n...-tutorial.html to be helpful. But I still have problems decoding the match u32 codes: I have a rule that looks like this:
Code:
/sbin/iptables -A INPUT -j DROP -p udp --dport domain -m u32\
 --u32  "0>>22&0x3C@12>>16=1&&0>>22&0x3C@20>>24=0&&0>>22&0x3C@21=0x00020001"\
 -m comment --comment "DDoS reflector"
and it works. Your rule appears similar. The target in your rule is DROP and it should be OK.

I'll leave it to you to look through the tutorial, though.
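
To help with decoding the u32 expressions in posts #1 and #3, here is an added example that is not part of any post in this thread: a small Python model of the u32 evaluation rules documented in the iptables man page, run against constructed packets. The helper names (`u32_value`, `u32_match`, `udp_packet`) and the sample DNS payloads are made up for illustration, and the `! -f` fragment check from post #1 is not modelled.

```python
import re
import struct

def u32_value(pkt: bytes, location: str) -> int:
    """Evaluate one u32 location; offsets count from the start of the IP header."""
    tok = re.findall(r"&|<<|>>|@|0[xX][0-9a-fA-F]+|\d+", location)
    base = 0  # running offset, advanced by each '@'
    val = struct.unpack_from(">I", pkt, int(tok[0], 0))[0]
    for op, num in zip(tok[1::2], tok[2::2]):
        n = int(num, 0)
        if op == "&":
            val &= n
        elif op == ">>":
            val >>= n
        elif op == "<<":
            val = (val << n) & 0xFFFFFFFF
        else:  # '@': add current value to base, then read 4 bytes at base + n
            base += val
            val = struct.unpack_from(">I", pkt, base + n)[0]
    return val

def u32_match(pkt: bytes, expr: str) -> bool:
    """True when every '&&'-joined test has a value inside one of its ranges."""
    try:
        for test in expr.split("&&"):
            location, ranges = test.split("=")
            val = u32_value(pkt, location)
            bounds = [r.partition(":") for r in ranges.split(",")]
            if not any(int(lo, 0) <= val <= int(hi or lo, 0) for lo, _, hi in bounds):
                return False
        return True
    except struct.error:  # read past the end of the packet: no match
        return False

def udp_packet(payload: bytes, ihl_words: int = 5) -> bytes:
    """Constructed IPv4+UDP packet; only the fields the rules read are filled in."""
    ip = bytes([0x40 | ihl_words]) + bytes(8) + b"\x11" + bytes(ihl_words * 4 - 10)
    return ip + struct.pack(">HHHH", 40000, 53, 8 + len(payload), 0) + payload

QQ_RULE = "0>>22&0x3c@8>>24&0xff=0x02"
DNS_RULE = "0>>22&0x3C@12>>16=1&&0>>22&0x3C@20>>24=0&&0>>22&0x3C@21=0x00020001"
# Constructed DNS payloads: a query for ". NS IN" and one for "example.com A IN".
DNS_HDR = struct.pack(">HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
ROOT_NS = DNS_HDR + b"\x00" + struct.pack(">HH", 2, 1)
EXAMPLE_A = DNS_HDR + b"\x07example\x03com\x00" + struct.pack(">HH", 1, 1)

if __name__ == "__main__":
    print(u32_match(udp_packet(b"\x02" + bytes(7)), QQ_RULE))  # first payload byte 0x02
    print(u32_match(udp_packet(ROOT_NS), DNS_RULE), u32_match(udp_packet(EXAMPLE_A), DNS_RULE))
```

In both rules `0>>22&0x3c` yields the IP header length in bytes, so each `@` offset is relative to the start of the UDP header. The rule from post #1 compares the first UDP payload byte with 0x02; the rule from post #3 requires a DNS question count of 1, an empty (root) query name, and query type NS with class IN.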
 
Old 06-30-2009, 11:06 AM   #4
skiron.liu
Member
 
Registered: Jun 2009
Location: Harbin
Posts: 32

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by chrism01 View Post
Probably the easiest option is

man iptables

to see if that option exists.
Now I know where the problem is. The problem is the "-m" option of "iptables". When I enter "iptables -A INPUT -m u32", it shows "iptables: No chain/target/match by that name." How do I fix it? The modules are all in the "/opt/iptables-1.4.4/libexec/xtables" directory.
Does the kernel not support 1.4.4?

Last edited by skiron.liu; 06-30-2009 at 12:27 PM.
 
Old 06-30-2009, 05:23 PM   #5
david1941
Member
 
Registered: May 2005
Location: St. Louis, MO
Distribution: CentOS7
Posts: 267

Rep: Reputation: 58
What do you get with "iptables -m u32 -h"? I'm on iptables v1.4.1.1 with 2.6.27.25-78.2.56.fc9.x86_64 kernel, fedora 9 and the modules are in the kernel sources (/lib/modules/2.6.27.25-78.2.56.fc9.x86_64/kernel/net/netfilter)

Last edited by david1941; 06-30-2009 at 05:25 PM. Reason: typo
 
Old 06-30-2009, 09:42 PM   #6
skiron.liu
Member
 
Registered: Jun 2009
Location: Harbin
Posts: 32

Original Poster
Rep: Reputation: 0
It shows me help information. The last few lines are:
u32 match options:
[!] --u32 tests
tests := location "=" value | test "&&" location "=" value
...
...
... and so on

It looks like the module was loaded successfully!

If I enter "iptables -m u3a -h",
it shows me "Couldn't load match 'u3a'" and so on.
Do I need to patch the netfilter module into the kernel?
Because I see /lib/modules/$(uname -r)/kernel/net/netfilter/xt_u32.ko in Ubuntu 8.1 but not in CentOS 5.2.

Last edited by skiron.liu; 06-30-2009 at 10:19 PM.
 
Old 07-02-2009, 08:48 AM   #7
david1941
Member
 
Registered: May 2005
Location: St. Louis, MO
Distribution: CentOS7
Posts: 267

Rep: Reputation: 58
Here's an interesting thread about Centos 5. Although it is about a different module, it is a start.
http://www.linuxquestions.org/questi...ptable-737116/
 
Old 07-03-2009, 10:38 AM   #8
skiron.liu
Member
 
Registered: Jun 2009
Location: Harbin
Posts: 32

Original Poster
Rep: Reputation: 0
Thumbs up

Quote:
Originally Posted by david1941 View Post
Here's an interesting thread about Centos 5. Although it is about a different module, it is a start.
http://www.linuxquestions.org/questi...ptable-737116/
You are a good man~ thanks~

It is a problem with the kernel version. I updated the kernel version, which solved this problem.
 
  

