Re: need help with ipset

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Mike Wright <xktnniuymlla@mailinator.com>
To: netfilter@lists.netfilter.org
Subject: Re: need help with ipset
Date: Fri, 15 Sep 2006 09:29:34 -0700	[thread overview]
Message-ID: <450AD4EE.3050205@mailinator.com> (raw)
In-Reply-To: <Pine.LNX.4.58.0609140855340.18386@blackhole.kfki.hu>

Jozsef Kadlecsik wrote:

 > On Sun, 10 Sep 2006, Mike Wright wrote:
 >
 >> Trying to create a set:
 >>    "ipset -N TEST iphash" fails with:
 >>       ipset v2.2.9: Error from kernel: Protocol not available
 >
 >
 >
 > The ipset binary isn't smart enough to autoload the ip_set kernel module,
 > you need to load it manually (or via /etc/modules at system boot time):
 >
 > # modprobe ip_set
 >
Thanks Jozsef.  (Sorry for private reply.  Meant to reply to the list.) 
  That worked.  Also had to modprobe ip_set_iphash.

Still can't get iptables to recognize my set.  Can't find which step 
I've missed.  Here's the ipset -L

  Name: BADIPS
  Type: iphash
  References: 0
  Default binding:
  Header: hashsize: 1024 probes: 8 resize: 50
  Members:
  3.4.5.6
  2.3.4.5
  1.2.3.4
  Bindings:

...and modules
   lsmod |grep ip_set
     ip_set_iphash           8164  1
     ip_set                 20828  2 ip_set_iphash

Now I want to add a rule to iptables.

   "iptables -A INPUT -m set --set BADIPS src -j DROP"

But it errs with

   "iptables: No chain/target/match by that name"

It seems that iptables does not know about BADIPS? <Grasping />

If anyone knows what is missing I would sure appreciate the help :)

Thanks,
Mike Wright

 > Best regards,
 > Jozsef

next prev parent reply	other threads:[~2006-09-15 16:29 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-09-11  2:39 need help with ipset Mike Wright
2006-09-14  6:58 ` Jozsef Kadlecsik
2006-09-15 16:29   ` Mike Wright [this message]
2006-09-15 16:36     ` Mr Ritter
2006-09-15 16:46       ` Mike Wright
2006-09-18 12:11         ` iptables - port forwarding in LAN Snehasis Sinha
2006-09-20 16:20     ` need help with ipset [SOLVED] Mike Wright
  -- strict thread matches above, loose matches on Subject: below --
2006-09-10 18:14 need help with ipset Mike Wright

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=450AD4EE.3050205@mailinator.com \
    --to=xktnniuymlla@mailinator.com \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.