From: Mike Wright <xktnniuymlla@mailinator.com>
To: netfilter@lists.netfilter.org
Subject: need help with ipset
Date: Sun, 10 Sep 2006 11:14:21 -0700 [thread overview]
Message-ID: <450455FD.50203@mailinator.com> (raw)
Hi netfilter users,
Trying to use ipset but having no joy.
O/S is Fedora Core 4, kernel is linux-2.6.16-xen.
I'm using the instructions from ipset.netfilter.net/install.html.
Kernel readied, patch applied, kernel built, iptables built, ipset
built, no errors reported. Only issue was that everything wanted to
install into /usr/local. The Makefile was changed to use this:
PREFIX:=/
LIBDIR:=$(PREFIX)/lib
BINDIR:=$(PREFIX)/sbin
MANDIR:=$(PREFIX)/usr/share/man
INCDIR:=$(PREFIX)/usr/include
I've built and installed the libipset*.so modules into both
/lib/iptables and /lib/ipset.
When iptables is started it reports v1.3.5 and seems to work with my
previous iptables rules.
Trying to create a set:
"ipset -N TEST iphash" fails with:
ipset v2.2.9: Error from kernel: Protocol not available
On google I found a user with that error, but said he had success once
he loaded the module (didn't say how he did it though). Reading man
iptables says that modules will be loaded implicitly by specifying a
protocol, i.e -p tcp,etc or explicitly by specifying a -m "module", so I
tried this:
"iptables -A INPUT -m set --set TEST dst -j ACCEPT" and got
"iptables v1.3.5: Problem when communicating with ipset, errno=92"
(errno=92 is ENOPROTOOPT /* protocol not supported */)
Here are my kernel configs for ipset:
<M> IP set support
(256)
Maximum number of IP sets
(1024) Hash size
for bindings of IP sets
< > ipmap set support
< > macipmap set support
< > portmap set support
<M> iphash set support
< > nethash set support
< >
ipporthash set support
< > iptree set
support
<M> set match support
<M> SET target support
Docs are pretty sparse on this, so it could very well be PEBCAK.
Any help would be very appreciated.
Thanks,
Mike Wright :m)
next reply other threads:[~2006-09-10 18:14 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-09-10 18:14 Mike Wright [this message]
-- strict thread matches above, loose matches on Subject: below --
2006-09-11 2:39 need help with ipset Mike Wright
2006-09-14 6:58 ` Jozsef Kadlecsik
2006-09-15 16:29 ` Mike Wright
2006-09-15 16:36 ` Mr Ritter
2006-09-15 16:46 ` Mike Wright
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=450455FD.50203@mailinator.com \
--to=xktnniuymlla@mailinator.com \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.