Re: where is libipt_match.so?

[David T-G <davidtg-netfilter@justpickone.org>]

[-- Attachment #1: Type: text/plain, Size: 1677 bytes --]

Ray, et al --

...and then Ray Leach said...
% 
% On Thu, 2003-05-29 at 05:56, David T-G wrote:
...
% > What is it?  From where does (er, should) it come?
% > 
% It's a netfilter module, and it comes from the iptables distribution

The module part I had guessed, but I couldn't find it.


% (also in the 2.4 kernel distro). You get it by compiling and installing
% the iptables distro, or selecting match support in the netfilter kernel
% config section and compiling the kernel.

Ahhh...  So it *was* there before, and I *didn't* botch the typing as I
was tweaking the script!  Very interesting.

1) I originally tried doing the firewall config for this machine via
SuSEfirewall2 before giving up and going directly to iptables.  After
getting things tested, we rebuilt the server from scratch to ensure that
my installation script would work -- and got to this problem.  Would fw2
have added the match module and possible kernel tweaks, or did my client
install a different kernel when he rebuilt this time?

2) What, if anything is the difference between

  iptables -t filter -A INPUT -i EXTT -m match NEW,RELATED,ESTABLISHED -j ACCEPT

(the original, which throws the error) and

  iptables -t filter -A INPUT -i EXTT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT

(the current, which seems to work)?


TIA & HAND

:-D
-- 
David T-G                      * There is too much animal courage in 
(play) davidtg@justpickone.org * society and not sufficient moral courage.
(work) davidtgwork@justpickone.org  -- Mary Baker Eddy, "Science and Health"
http://justpickone.org/davidtg/      Shpx gur Pbzzhavpngvbaf Qrprapl Npg!


[-- Attachment #2: Type: application/pgp-signature, Size: 187 bytes --]