where is libipt_match.so?

where is libipt_match.so?

[David T-G]

[-- Attachment #1: Type: text/plain, Size: 1051 bytes --]

Hi again, all --

I have finally gotten my client to rebuild his SCO UnitedLinux machine
from scratch to give me a guaranteed-clean base and I tried running my
iptables setup script.  Everything (NIC discovery, init script creation,
etcetc) appears to have gone well but iptables has a problem:

  ...
  iptables -t filter -A INPUT -i eth0 -m match NEW,RELATED,ESTABLISHED -j ACCEPT
  iptables v1.2.7a: Couldn't load match `match':/usr/lib/iptables/libipt_match.so: cannot open shared object file: No such file or directory

This worked before, but I had also mucked around with the SuSEfirewall2
scripts before; sure enough, it isn't there now.  Where does that file
live?  Do I need another RPM, perhaps?


TIA & HAND

:-D
-- 
David T-G                      * There is too much animal courage in 
(play) davidtg@justpickone.org * society and not sufficient moral courage.
(work) davidtgwork@justpickone.org  -- Mary Baker Eddy, "Science and Health"
http://justpickone.org/davidtg/      Shpx gur Pbzzhavpngvbaf Qrprapl Npg!


[-- Attachment #2: Type: application/pgp-signature, Size: 187 bytes --]

RE: where is libipt_match.so?

[George Vieira]

Have you searched for the file?

# Unix compatible search. ;)
find / -name libipt_match.so -exec ls -l {} \;

if it's in a different location just symbolic link it to where ever it's
looking for it.. ;) cheap way out..

Thanks,
____________________________________________
George Vieira
Systems Manager
georgev@citadelcomputer.com.au

Citadel Computer Systems Pty Ltd
http://www.citadelcomputer.com.au
 

-----Original Message-----
From: David T-G [mailto:davidtg-netfilter@justpickone.org]
Sent: Thursday, May 29, 2003 1:44 PM
To: NetFilter Users' List
Subject: where is libipt_match.so?


Hi again, all --

I have finally gotten my client to rebuild his SCO UnitedLinux machine
from scratch to give me a guaranteed-clean base and I tried running my
iptables setup script.  Everything (NIC discovery, init script creation,
etcetc) appears to have gone well but iptables has a problem:

  ...
  iptables -t filter -A INPUT -i eth0 -m match NEW,RELATED,ESTABLISHED
-j ACCEPT
  iptables v1.2.7a: Couldn't load match
`match':/usr/lib/iptables/libipt_match.so: cannot open shared object
file: No such file or directory

This worked before, but I had also mucked around with the SuSEfirewall2
scripts before; sure enough, it isn't there now.  Where does that file
live?  Do I need another RPM, perhaps?


TIA & HAND

:-D
-- 
David T-G                      * There is too much animal courage in 
(play) davidtg@justpickone.org * society and not sufficient moral
courage.
(work) davidtgwork@justpickone.org  -- Mary Baker Eddy, "Science and
Health"
http://justpickone.org/davidtg/      Shpx gur Pbzzhavpngvbaf Qrprapl
Npg!

Re: where is libipt_match.so?

[David T-G]

[-- Attachment #1: Type: text/plain, Size: 1106 bytes --]

George, et al --

...and then George Vieira said...
% 
% Have you searched for the file?

I hadn't yet, but I did, and it truly isn't on the system.

What is it?  From where does (er, should) it come?


% 
% # Unix compatible search. ;)
% find / -name libipt_match.so -exec ls -l {} \;

The only kind -- although I wouldn't bother with the extra overhead of
the exec ;-)



% 
% if it's in a different location just symbolic link it to where ever it's
% looking for it.. ;) cheap way out..

If only it were that simple!


% 
% Thanks,

Thanks, anyway.


% ____________________________________________
% George Vieira
% Systems Manager
% georgev@citadelcomputer.com.au
% 
% Citadel Computer Systems Pty Ltd
% http://www.citadelcomputer.com.au


HAND

:-D
-- 
David T-G                      * There is too much animal courage in 
(play) davidtg@justpickone.org * society and not sufficient moral courage.
(work) davidtgwork@justpickone.org  -- Mary Baker Eddy, "Science and Health"
http://justpickone.org/davidtg/      Shpx gur Pbzzhavpngvbaf Qrprapl Npg!


[-- Attachment #2: Type: application/pgp-signature, Size: 187 bytes --]

Re: where is libipt_match.so?

[Ray Leach]

[-- Attachment #1: Type: text/plain, Size: 1457 bytes --]

On Thu, 2003-05-29 at 05:56, David T-G wrote:
> George, et al --
> 
> ...and then George Vieira said...
> % 
> % Have you searched for the file?
> 
> I hadn't yet, but I did, and it truly isn't on the system.
> 
> What is it?  From where does (er, should) it come?
> 
It's a netfilter module, and it comes from the iptables distribution
(also in the 2.4 kernel distro). You get it by compiling and installing
the iptables distro, or selecting match support in the netfilter kernel
config section and compiling the kernel.

> 
> % 
> % # Unix compatible search. ;)
> % find / -name libipt_match.so -exec ls -l {} \;
> 
> The only kind -- although I wouldn't bother with the extra overhead of
> the exec ;-)
> 
> 
> 
> % 
> % if it's in a different location just symbolic link it to where ever it's
> % looking for it.. ;) cheap way out..
> 
> If only it were that simple!
> 
> 
> % 
> % Thanks,
> 
> Thanks, anyway.
> 
> 
> % ____________________________________________
> % George Vieira
> % Systems Manager
> % georgev@citadelcomputer.com.au
> % 
> % Citadel Computer Systems Pty Ltd
> % http://www.citadelcomputer.com.au
> 
> 
> HAND
> 
> :-D
-- 
--
Raymond Leach <raymondl@knowledgefactory.co.za>
Network Support Specialist
http://www.knowledgefactory.co.za
"lynx -source http://www.rchq.co.za/raymondl.asc | gpg --import"
Key fingerprint = 7209 A695 9EE0 E971 A9AD  00EE 8757 EE47 F06F FB28
--

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: where is libipt_match.so?

[David T-G]

[-- Attachment #1: Type: text/plain, Size: 1677 bytes --]

Ray, et al --

...and then Ray Leach said...
% 
% On Thu, 2003-05-29 at 05:56, David T-G wrote:
...
% > What is it?  From where does (er, should) it come?
% > 
% It's a netfilter module, and it comes from the iptables distribution

The module part I had guessed, but I couldn't find it.


% (also in the 2.4 kernel distro). You get it by compiling and installing
% the iptables distro, or selecting match support in the netfilter kernel
% config section and compiling the kernel.

Ahhh...  So it *was* there before, and I *didn't* botch the typing as I
was tweaking the script!  Very interesting.

1) I originally tried doing the firewall config for this machine via
SuSEfirewall2 before giving up and going directly to iptables.  After
getting things tested, we rebuilt the server from scratch to ensure that
my installation script would work -- and got to this problem.  Would fw2
have added the match module and possible kernel tweaks, or did my client
install a different kernel when he rebuilt this time?

2) What, if anything is the difference between

  iptables -t filter -A INPUT -i EXTT -m match NEW,RELATED,ESTABLISHED -j ACCEPT

(the original, which throws the error) and

  iptables -t filter -A INPUT -i EXTT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT

(the current, which seems to work)?


TIA & HAND

:-D
-- 
David T-G                      * There is too much animal courage in 
(play) davidtg@justpickone.org * society and not sufficient moral courage.
(work) davidtgwork@justpickone.org  -- Mary Baker Eddy, "Science and Health"
http://justpickone.org/davidtg/      Shpx gur Pbzzhavpngvbaf Qrprapl Npg!


[-- Attachment #2: Type: application/pgp-signature, Size: 187 bytes --]

ip_queue, userspace module, ipq_packet_msg_t field 'hook'. Any purpose?

[Scott MacKay]

Hello.
I am working with a userspace module, registered for
the QUEUE iptables target.  When getting packets from
the kernel, it receives a ipt_packet_msg_t structure. 
One of the fields it gets is an int 'hook'.  Does this
field serve any useful purpose?  Does it describe in
any way the  table which the QUEUE was invoked from?

-Scott

__________________________________
Do you Yahoo!?
Yahoo! Calendar - Free online calendar with sync to Outlook(TM).
http://calendar.yahoo.com

RE: where is libipt_match.so?

[Michael K]

> -----Original Message-----
> From: netfilter-admin@lists.netfilter.org 
> [mailto:netfilter-admin@lists.netfilter.org] On Behalf Of David T-G
> Sent: Thursday, May 29, 2003 5:44 AM
> To: NetFilter Users' List
> Subject: where is libipt_match.so?
> 
> 
> Hi again, all --
> 
> I have finally gotten my client to rebuild his SCO 
> UnitedLinux machine from scratch to give me a 
> guaranteed-clean base and I tried running my iptables setup 
> script.  Everything (NIC discovery, init script creation,
> etcetc) appears to have gone well but iptables has a problem:
> 
>   ...
>   iptables -t filter -A INPUT -i eth0 -m match 
> NEW,RELATED,ESTABLISHED -j ACCEPT
>   iptables v1.2.7a: Couldn't load match 
> `match':/usr/lib/iptables/libipt_match.so: cannot open shared 
> object file: No such file or directory
> 
> This worked before, but I had also mucked around with the 
> SuSEfirewall2 scripts before; sure enough, it isn't there 
> now.  Where does that file live?  Do I need another RPM, perhaps?
> 
> 
> TIA & HAND
> 

Shouldn't the line read
iptables -t filter -A INPUT -i eth0 -m state --state
NEW,RELATED,ESTABLISHED -j ACCEPT

Did a search in the pom for *match*. Didn't find any.