From: Jeff Gordon <jeff.gordon@wellnow.com>
To: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Cc: netfilter@lists.netfilter.org
Subject: Re: Can I add a module to a prebuilt kernel?
Date: Thu, 3 Jun 2004 17:01:33 -0400 [thread overview]
Message-ID: <20040603210133.GN24398@wellnow.com> (raw)
In-Reply-To: <Pine.LNX.4.33.0406030949440.10743-100000@blackhole.kfki.hu>
(Thanks, Joseph.:-)
So I obtained the iptables-1.2.9 source package and compiled it.
On 'make install', however I found libipt_recent.so was NOT placed into
the loadable modules directory...!
I don't know if that has something to do with its being a RedHat
system, or if it's something omitted from iptables' own config or
Makefile. Either way -- I moved it there manually, and things appear
to be working as intended, now. :-)
Thanks kindly to the several folks who offered thoughts and assistance
on this. I'll come back in a separate message with a question about
using either '--limit' or '-m recent' to address SYN floods.
-- Jeff --
On Thu, Jun 03, 2004 at 09:52:26AM +0200, Jozsef Kadlecsik wrote:
> On Wed, 2 Jun 2004, Jeff Gordon wrote:
>
> > > Jeff Gordon wrote:
> > > > I'm running a RH ES 3 system, and it appears _support_ for ipt_recent
> > > > is included in the kernel but libipt_recent.so is nowhere to be found.
> > > > Kernel source for the prebuilt kernel in the distribution is available.
> > >
> > > In general, if a kernel feature is built into the kernel there is no
> > > appropriate module file. Because the functionality is in the kernel.
> >
> > - If I do 'modprobe ipt_recent' and then 'lsmod |grep ip',
> > I see 'ipt_recent' at the top of listing.
> >
> > - However, if I then add a rule with '-m recent' in it,
> > iptables complains it can't find libipt_recent.so.
>
> That's the iptables shared library for recent match, which is missing from
> your systems. In other words the iptables binary lacks the recent match
> support and thus you cannot use the feature available in the kernel.
>
> Best regards,
> Jozsef
> -
> E-mail : kadlec@blackhole.kfki.hu, kadlec@sunserv.kfki.hu
> PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
> Address : KFKI Research Institute for Particle and Nuclear Physics
> H-1525 Budapest 114, POB. 49, Hungary
>
>
>
--
-- Jeff -- <http://www.wellnow.com>
"There's nothing left in the world to prove. All that's worth doing
is to love one another, using whatever means are available to serve."
next prev parent reply other threads:[~2004-06-03 21:01 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-06-02 7:38 Can I add a module to a prebuilt kernel? Jeff Gordon
[not found] ` <40BE09B2.90501@web.de>
2004-06-02 19:06 ` Jeff Gordon
2004-06-03 7:52 ` Jozsef Kadlecsik
2004-06-03 21:01 ` Jeff Gordon [this message]
2004-06-04 7:48 ` Jozsef Kadlecsik
2004-06-03 21:16 ` Best defense for syn-floods...? Jeff Gordon
2004-06-02 21:04 ` Can I add a module to a prebuilt kernel? Martin Stricker
2004-06-02 22:13 ` Florian Boelstler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20040603210133.GN24398@wellnow.com \
--to=jeff.gordon@wellnow.com \
--cc=kadlec@blackhole.kfki.hu \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox