xtables-addons ACCOUNT

xtables-addons ACCOUNT

[Maarten Vanraes]

Hello,

I can't get it working myself:
 * kernel: 2.6.26-2-amd64 (debian lenny)
 * iptables: 1.4.8
 * xtables-addons: 1.26


- man pages tell us to use CIDR notation; however syslog shows in the error 
messages "network/netmask" notation (255.255.255.0)
- removing the rule with iptables -D removes the rule, but it seems not the 
account table.
- iptaccount -h doesn't remove it either
- modprobe -r xt_ACCOUNT doesn't either
- i always get 0 rules or something
- adding the rule after it's been deleted doesn't work, i get error messages 
about wrong parameters
- adding a diff addr with same name succeeds, but gives error messages in 
syslog


Do i do something wrong; or is there a bug in here?

Kind Regards,

Maarten Vanraes

Re: xtables-addons ACCOUNT

[Bob Miller]

I have this installed on Debian.  I am running squeeze, kernel=2.6.32.
My first time trying the ACCOUNT module was before there was a debian
package, and I remember one of the problems I had then was that the
kernel was too old.  I can't remember what version it was then,  but I
suspect it was around 2.6.25 or so.
Once you have downloaded the packages, this command should get you
started:
$(m-a a-i -t xtables-addons-source)
One thing I had to do this time with the debian package was make a
symlink from /usr/lib/libxt_ACCOUNT_cl.so.0
to /usr/lib/libxt_ACCOUNT_cl.so.0.0.0
in order to get the module to load.  then a $(modprobe xt_ACCOUNT)
should work.  If I recall, I have also had it happen in the past that
all the libxt stuff was in the wrong location, and I had to symlink a
full directory to get it working, but I think that was before it came
out as a .deb. 
If I recall, another road block was that I needed the iptables-dev
package installed.
Once the module was loaded, I created the following rules for my
networks:

gatelian:/usr/lib# iptables-save | grep tname
-A POSTROUTING -j ACCOUNT --addr 0.0.0.0/0 --tname wan
-A POSTROUTING -j ACCOUNT --addr 192.168.25.0/24 --tname computerisms
-A POSTROUTING -j ACCOUNT --addr 192.168.24.0/24 --tname
computerisms-public

I believe the rules for the two non-routable subnets will not count
accurately to the outside, the count these rules give should be higher
than what bandwidth is used to the net at large.

if it loads successfully, then $(iptaccount -a) should show you
something like:

Found table: wan
Found table: computerisms
Found table: computerisms-public

I remember this ACCOUNT thing did not go smoothly for me, the hardest
part has always been in getting the module to load.  But if you post
more specific error messages, I am pretty sure I can help you get it in
there...

On Mon, 2010-10-18 at 17:12 +0200, Maarten Vanraes wrote:
> Hello,
> 
> I can't get it working myself:
>  * kernel: 2.6.26-2-amd64 (debian lenny)
>  * iptables: 1.4.8
>  * xtables-addons: 1.26
> 
> 
> - man pages tell us to use CIDR notation; however syslog shows in the error 
> messages "network/netmask" notation (255.255.255.0)
> - removing the rule with iptables -D removes the rule, but it seems not the 
> account table.
> - iptaccount -h doesn't remove it either
> - modprobe -r xt_ACCOUNT doesn't either
> - i always get 0 rules or something
> - adding the rule after it's been deleted doesn't work, i get error messages 
> about wrong parameters
> - adding a diff addr with same name succeeds, but gives error messages in 
> syslog
> 
> 
> Do i do something wrong; or is there a bug in here?
> 
> Kind Regards,
> 
> Maarten Vanraes
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

Bob Miller
334-7117/660-5315
http://computerisms.ca
bob@computerisms.ca
Network, Internet, Server,
and Open Source Solutions

Re: xtables-addons ACCOUNT

[Bob Miller]

>  loaded, I created the following rules for my
> networks:
> 
> gatelian:/usr/lib# iptables-save | grep tname
> -A POSTROUTING -j ACCOUNT --addr 0.0.0.0/0 --tname wan
> -A POSTROUTING -j ACCOUNT --addr 192.168.25.0/24 --tname computerisms
> -A POSTROUTING -j ACCOUNT --addr 192.168.24.0/24 --tname
> computerisms-public

This is in the mangle table...

Bob Miller
334-7117/660-5315
http://computerisms.ca
bob@computerisms.ca
Network, Internet, Server,
and Open Source Solutions

Re: xtables-addons ACCOUNT

[Maarten Vanraes]

Op maandag 18 oktober 2010 18:32:33 schreef Bob Miller:
> >  loaded, I created the following rules for my
> > 
> > networks:
> > 
> > gatelian:/usr/lib# iptables-save | grep tname
> > -A POSTROUTING -j ACCOUNT --addr 0.0.0.0/0 --tname wan
> > -A POSTROUTING -j ACCOUNT --addr 192.168.25.0/24 --tname computerisms
> > -A POSTROUTING -j ACCOUNT --addr 192.168.24.0/24 --tname
> > computerisms-public
> 
> This is in the mangle table...

hmm.

i used iptables and iptables-dev from squeeze on a lenny; and libnfnetfilter 
from backports to get good versions as i looked at the distro compatibility 
chart. Then, i compiled xtables-addons from source with:

./configure --prefix=/usr --sbindir=/sbin --with-xtdirlib=/lib

this way the stuff is in the correct debian dir. The module loaded 
automatically and pretty ok.

i tried:
iptables -A INPUT -j ACCOUNT --addr 10.66.6.0/24 --tname storagenet
iptables -A FORWARD -j ACCOUNT --addr 194.0.234.0/24 --tname publicnet
iptables -A FORWARD -j ACCOUNT --addr 0.0.0.0/0 --tname self

and stuff. in any case, i can't do this now, because i always get the same 
error now. I think i'll need to reboot to get a fresh start.

this was all in the main table.

where exactly should i use the ACCOUNT module? does that matter?

the error message:


"iptables: Invalid argument. Run `dmesg' for more information."


in dmesg nothing is there.
error message when trying to use it now:


ACCOUNT: Table publicnet found, but IP/netmask mismatch. IP/netmask found: 
194.0.234.0/255.255.255.0
ACCOUNT: Table insert problem. Aborting


when trying to remove the rule with iptables:


ACCOUNT: Table publicnet not found for destroy


"iptaccount -a" does show the nets fine; but the -l publicnet always gives:


Showing table: publicnet
Run #0 - 0 items found
Finished.

Re: xtables-addons ACCOUNT

[Jan Engelhardt]

On Tuesday 2010-10-19 10:09, Maarten Vanraes wrote:
>
>iptables -A INPUT -j ACCOUNT --addr 10.66.6.0/24 --tname storagenet
>iptables -A FORWARD -j ACCOUNT --addr 194.0.234.0/24 --tname publicnet
>iptables -A FORWARD -j ACCOUNT --addr 0.0.0.0/0 --tname self
>
>and stuff. in any case, i can't do this now, because i always get the same 
>error now. I think i'll need to reboot to get a fresh start.
>
>this was all in the main table.

What main table?

>where exactly should i use the ACCOUNT module? does that matter?
>
>the error message:
>
>"iptables: Invalid argument. Run `dmesg' for more information."
>
>in dmesg nothing is there.
>error message when trying to use it now:
>
>ACCOUNT: Table publicnet found, but IP/netmask mismatch. IP/netmask found: 
>194.0.234.0/255.255.255.0
>ACCOUNT: Table insert problem. Aborting

Got a mix of old versions, or using non-Xt-a components, or non-little-endian
machine?

Re: xtables-addons ACCOUNT

[Maarten Vanraes]

Op dinsdag 19 oktober 2010 11:38:30 schreef Jan Engelhardt:
> On Tuesday 2010-10-19 10:09, Maarten Vanraes wrote:
> >iptables -A INPUT -j ACCOUNT --addr 10.66.6.0/24 --tname storagenet
> >iptables -A FORWARD -j ACCOUNT --addr 194.0.234.0/24 --tname publicnet
> >iptables -A FORWARD -j ACCOUNT --addr 0.0.0.0/0 --tname self
> >
> >and stuff. in any case, i can't do this now, because i always get the same
> >error now. I think i'll need to reboot to get a fresh start.
> >
> >this was all in the main table.
> 
> What main table?

i mean in the iptables i did not pass a "-t" option to put it into nat or 
mangle table.


> >where exactly should i use the ACCOUNT module? does that matter?
> >
> >the error message:
> >
> >"iptables: Invalid argument. Run `dmesg' for more information."
> >
> >in dmesg nothing is there.
> >error message when trying to use it now:
> >
> >ACCOUNT: Table publicnet found, but IP/netmask mismatch. IP/netmask found:
> >194.0.234.0/255.255.255.0
> >ACCOUNT: Table insert problem. Aborting
> 
> Got a mix of old versions, or using non-Xt-a components, or
> non-little-endian machine?

the machine is x86_64, kernel is 2.6.26-2-amd64 (debian lenny)
 * iptables: 1.4.8 (from debian squeeze)
 * xtables-addons: 1.26 (built from source)

at this moment, there is no other iptables usage and is a default debian 
lenny.

is there anything else you wish to know?

Re: xtables-addons ACCOUNT

[Bob Miller]

Hi
> 
> where exactly should i use the ACCOUNT module? does that matter?

Assuming you mean in your iptables rule set, yes, it matters, and you
should put it where you want it to count.  Based on my my understanding,
limited though it is; in theory, for the 0/0 subnet, the mangle
table/prerouting chain will catch all traffic between you and the ISP
that has tcp/ip qualities (ie address and netmask).  If you are trying
to count data used to the ISP by computers on a LAN, then placing the
rule in the filter table/forward chain should count that traffic.

> error message when trying to use it now:
> 
> 
> ACCOUNT: Table publicnet found, but IP/netmask mismatch. IP/netmask found: 
> 194.0.234.0/255.255.255.0
> ACCOUNT: Table insert problem. Aborting

Seems your configuration doesn't match your situation?  without knowing
more about your environment and how you configured this box, it is hard
to say, maybe your interface address is not in 194.0.234.0/24 or
something?
Jan's response might seem to indicate this is an issue of the way you
built this up or a software mismatch of some sort.  Given the fun I had
making this work before it all came out in debian packages with debian
methods of building it, I would not be one bit surprised if that is the
case.

> when trying to remove the rule with iptables:
> 
> 
> ACCOUNT: Table publicnet not found for destroy
> 
> 
> "iptaccount -a" does show the nets fine; but the -l publicnet always gives:
> 
> 
> Showing table: publicnet
> Run #0 - 0 items found
> Finished.

If the other two nets are working as expected, I would think that means
your software is working, but I dont' know why you would have this
problem on the one net.


Bob Miller
334-7117/660-5315
http://computerisms.ca
bob@computerisms.ca
Network, Internet, Server,
and Open Source Solutions

Re: xtables-addons ACCOUNT

[Maarten Vanraes]

Op dinsdag 19 oktober 2010 18:45:49 schreef Bob Miller:
> Hi
> 
> > where exactly should i use the ACCOUNT module? does that matter?
> 
> Assuming you mean in your iptables rule set, yes, it matters, and you
> should put it where you want it to count.  Based on my my understanding,
> limited though it is; in theory, for the 0/0 subnet, the mangle
> table/prerouting chain will catch all traffic between you and the ISP
> that has tcp/ip qualities (ie address and netmask).  If you are trying
> to count data used to the ISP by computers on a LAN, then placing the
> rule in the filter table/forward chain should count that traffic.
> 
> > error message when trying to use it now:
> > 
> > 
> > ACCOUNT: Table publicnet found, but IP/netmask mismatch. IP/netmask
> > found: 194.0.234.0/255.255.255.0
> > ACCOUNT: Table insert problem. Aborting
> 
> Seems your configuration doesn't match your situation?  without knowing
> more about your environment and how you configured this box, it is hard
> to say, maybe your interface address is not in 194.0.234.0/24 or
> something?
> Jan's response might seem to indicate this is an issue of the way you
> built this up or a software mismatch of some sort.  Given the fun I had
> making this work before it all came out in debian packages with debian
> methods of building it, I would not be one bit surprised if that is the
> case.

this error message is due to a previous publicnet rule, and it can't seem to 
find the matching network. even though it is the same one. (i suspect it is due 
to network being 194.0.234.0/24 and the matcher is checking 
194.0.234.0/255.255.255.0 ). also i suspect there is a another bug when 
removing the rule that the matcher can't find the correct one (also due to 
different netmask notations?) and thus not everything is removed which means 
that i can't reinsert that one.


Well, i looked at the distromap, seen which versions of what packages work 
well and put those working ones on this lenny: for instance; this lenny has 
pretty much all relevant packages from the squeeze (which is green in that 
map)

furthermore, i don't have any problem with the module; it loads fine

> > when trying to remove the rule with iptables:
> > 
> > 
> > ACCOUNT: Table publicnet not found for destroy
> > 
> > 
> > "iptaccount -a" does show the nets fine; but the -l publicnet always
> > gives:
> > 
> > 
> > Showing table: publicnet
> > Run #0 - 0 items found
> > Finished.
> 
> If the other two nets are working as expected, I would think that means
> your software is working, but I dont' know why you would have this
> problem on the one net.


no, i am testing manually with iptables and this is after the first entry 
(there is only one tname here.

but no amount of traffic is having any effect here.

i mean; where do i get all the results? it always says 0.

Kind regards,

Maarten

Re: xtables-addons ACCOUNT

[Jan Engelhardt]

On Wednesday 2010-10-20 10:25, Maarten Vanraes wrote:

>> > ACCOUNT: Table publicnet found, but IP/netmask mismatch. IP/netmask
>> > found: 194.0.234.0/255.255.255.0
>> > ACCOUNT: Table insert problem. Aborting
>
>this error message is due to a previous publicnet rule, and it can't seem to 
>find the matching network. even though it is the same one. (i suspect it is due 
>to network being 194.0.234.0/24 and the matcher is checking 
>194.0.234.0/255.255.255.0 ). also i suspect there is a another bug when 
>removing the rule that the matcher can't find the correct one (also due to 
>different netmask notations?) and thus not everything is removed which means 
>that i can't reinsert that one.

Do you have a minimal testcase available?

Re: xtables-addons ACCOUNT

[Maarten Vanraes]

Op woensdag 20 oktober 2010 11:16:29 schreef Jan Engelhardt:
> On Wednesday 2010-10-20 10:25, Maarten Vanraes wrote:
> >> > ACCOUNT: Table publicnet found, but IP/netmask mismatch. IP/netmask
> >> > found: 194.0.234.0/255.255.255.0
> >> > ACCOUNT: Table insert problem. Aborting
> >
> >this error message is due to a previous publicnet rule, and it can't seem
> >to find the matching network. even though it is the same one. (i suspect
> >it is due to network being 194.0.234.0/24 and the matcher is checking
> >194.0.234.0/255.255.255.0 ). also i suspect there is a another bug when
> >removing the rule that the matcher can't find the correct one (also due to
> >different netmask notations?) and thus not everything is removed which
> >means that i can't reinsert that one.
> 
> Do you have a minimal testcase available?


machine is rebooted, no iptables yet, no modules loaded.

[]# iptables -t mangle -I POSTROUTING -j ACCOUNT --addr 0.0.0.0/0 --tname self
iptables: Invalid argument. Run `dmesg' for more information.
[]# iptables -I FORWARD -j ACCOUNT --addr 194.0.234.0/24 --tname publicnet
iptables: Invalid argument. Run `dmesg' for more information.

dmesg is empty.

lsmod shows that xt_ACCOUNT is loaded into memory.

Re: xtables-addons ACCOUNT

[Jan Engelhardt]

On Wednesday 2010-10-20 15:03, Maarten Vanraes wrote:
>Op woensdag 20 oktober 2010 11:16:29 schreef Jan Engelhardt:
>> On Wednesday 2010-10-20 10:25, Maarten Vanraes wrote:
>> >> > ACCOUNT: Table publicnet found, but IP/netmask mismatch. IP/netmask
>> >> > found: 194.0.234.0/255.255.255.0
>> >> > ACCOUNT: Table insert problem. Aborting
>> >
>> >this error message is due to a previous publicnet rule, and it can't seem
>> >to find the matching network. even though it is the same one. (i suspect
>> >it is due to network being 194.0.234.0/24 and the matcher is checking
>> >194.0.234.0/255.255.255.0 ). also i suspect there is a another bug when
>> >removing the rule that the matcher can't find the correct one (also due to
>> >different netmask notations?) and thus not everything is removed which
>> >means that i can't reinsert that one.
>> 
>> Do you have a minimal testcase available?
>
>
>machine is rebooted, no iptables yet, no modules loaded.
>
>[]# iptables -t mangle -I POSTROUTING -j ACCOUNT --addr 0.0.0.0/0 --tname self
>iptables: Invalid argument. Run `dmesg' for more information.

I fail to reproduce this in 64-bit and 32-compat environments.
Since ACCOUNT.ko and x_tables.ko do output appropriate messages
to dmesg along with returning EINVAL... I don't see much
possibilities.

One could be that you are using an overly old xtables-addons (< 1.27)
compat_xtables.ko with an overly new kernel (>= v2.6.35) -
combined with having ignored the compile warnings/errors (when
building from source, as DKMS unfortunately does).

Re: xtables-addons ACCOUNT

[Maarten Vanraes]

Op woensdag 20 oktober 2010 19:36:14 schreef Jan Engelhardt:
> On Wednesday 2010-10-20 15:03, Maarten Vanraes wrote:
> >Op woensdag 20 oktober 2010 11:16:29 schreef Jan Engelhardt:
> >> On Wednesday 2010-10-20 10:25, Maarten Vanraes wrote:
> >> >> > ACCOUNT: Table publicnet found, but IP/netmask mismatch. IP/netmask
> >> >> > found: 194.0.234.0/255.255.255.0
> >> >> > ACCOUNT: Table insert problem. Aborting
> >> >
> >> >this error message is due to a previous publicnet rule, and it can't
> >> >seem to find the matching network. even though it is the same one. (i
> >> >suspect it is due to network being 194.0.234.0/24 and the matcher is
> >> >checking 194.0.234.0/255.255.255.0 ). also i suspect there is a
> >> >another bug when removing the rule that the matcher can't find the
> >> >correct one (also due to different netmask notations?) and thus not
> >> >everything is removed which means that i can't reinsert that one.
> >> 
> >> Do you have a minimal testcase available?
> >
> >machine is rebooted, no iptables yet, no modules loaded.
> >
> >[]# iptables -t mangle -I POSTROUTING -j ACCOUNT --addr 0.0.0.0/0 --tname
> >self iptables: Invalid argument. Run `dmesg' for more information.
> 
> I fail to reproduce this in 64-bit and 32-compat environments.
> Since ACCOUNT.ko and x_tables.ko do output appropriate messages
> to dmesg along with returning EINVAL... I don't see much
> possibilities.
> 
> One could be that you are using an overly old xtables-addons (< 1.27)
> compat_xtables.ko with an overly new kernel (>= v2.6.35) -
> combined with having ignored the compile warnings/errors (when
> building from source, as DKMS unfortunately does).

hmm, i'm using xtables-addons 1.26 (i thought this was the latest?) i built 
this one from source.

my kernel is 2.6.26 (so it's not overly new)

since i compiled xtables-addons myself, i didn't see any compiler warnings

and i'm on x86_64.

mvg,

Maarten

Re: xtables-addons ACCOUNT

[Maarten Vanraes]

Op woensdag 20 oktober 2010 19:36:14 schreef Jan Engelhardt:
> On Wednesday 2010-10-20 15:03, Maarten Vanraes wrote:
> >Op woensdag 20 oktober 2010 11:16:29 schreef Jan Engelhardt:
> >> On Wednesday 2010-10-20 10:25, Maarten Vanraes wrote:
> >> >> > ACCOUNT: Table publicnet found, but IP/netmask mismatch. IP/netmask
> >> >> > found: 194.0.234.0/255.255.255.0
> >> >> > ACCOUNT: Table insert problem. Aborting
> >> >
> >> >this error message is due to a previous publicnet rule, and it can't
> >> >seem to find the matching network. even though it is the same one. (i
> >> >suspect it is due to network being 194.0.234.0/24 and the matcher is
> >> >checking 194.0.234.0/255.255.255.0 ). also i suspect there is a
> >> >another bug when removing the rule that the matcher can't find the
> >> >correct one (also due to different netmask notations?) and thus not
> >> >everything is removed which means that i can't reinsert that one.
> >> 
> >> Do you have a minimal testcase available?
> >
> >machine is rebooted, no iptables yet, no modules loaded.
> >
> >[]# iptables -t mangle -I POSTROUTING -j ACCOUNT --addr 0.0.0.0/0 --tname
> >self iptables: Invalid argument. Run `dmesg' for more information.
> 
> I fail to reproduce this in 64-bit and 32-compat environments.
> Since ACCOUNT.ko and x_tables.ko do output appropriate messages
> to dmesg along with returning EINVAL... I don't see much
> possibilities.
> 
> One could be that you are using an overly old xtables-addons (< 1.27)
> compat_xtables.ko with an overly new kernel (>= v2.6.35) -
> combined with having ignored the compile warnings/errors (when
> building from source, as DKMS unfortunately does).

hmm, i'm using xtables-addons 1.26 (i thought this was the latest?) i built 
this one from source.

my kernel is 2.6.26 (so it's not overly new)

since i compiled xtables-addons myself, i didn't see any compiler warnings

and i'm on x86_64.

mvg,

Maarten

Re: xtables-addons ACCOUNT

[Jan Engelhardt]

On Thursday 2010-10-21 13:31, Maarten Vanraes wrote:
>> I fail to reproduce this in 64-bit and 32-compat environments.
>> Since ACCOUNT.ko and x_tables.ko do output appropriate messages
>> to dmesg along with returning EINVAL... I don't see much
>> possibilities.
>> 
>> One could be that you are using an overly old xtables-addons (< 1.27)
>> compat_xtables.ko with an overly new kernel (>= v2.6.35) -
>> combined with having ignored the compile warnings/errors (when
>> building from source, as DKMS unfortunately does).
>
>hmm, i'm using xtables-addons 1.26 (i thought this was the latest?) i built 
>this one from source.
>
>my kernel is 2.6.26 (so it's not overly new)
>
>since i compiled xtables-addons myself, i didn't see any compiler warnings

I can't boot pre-2.6.27 anymore with my userspace, and I don't feel like
spending time on installing a system. So unless someone has one for me
ready to toy on, I'll rip out the old support.

Re: xtables-addons ACCOUNT

[Maarten Vanraes]

Op woensdag 27 oktober 2010 22:28:46 schreef Jan Engelhardt:
> On Thursday 2010-10-21 13:31, Maarten Vanraes wrote:
> >> I fail to reproduce this in 64-bit and 32-compat environments.
> >> Since ACCOUNT.ko and x_tables.ko do output appropriate messages
> >> to dmesg along with returning EINVAL... I don't see much
> >> possibilities.
> >> 
> >> One could be that you are using an overly old xtables-addons (< 1.27)
> >> compat_xtables.ko with an overly new kernel (>= v2.6.35) -
> >> combined with having ignored the compile warnings/errors (when
> >> building from source, as DKMS unfortunately does).
> >
> >hmm, i'm using xtables-addons 1.26 (i thought this was the latest?) i
> >built this one from source.
> >
> >my kernel is 2.6.26 (so it's not overly new)
> >
> >since i compiled xtables-addons myself, i didn't see any compiler warnings
> 
> I can't boot pre-2.6.27 anymore with my userspace, and I don't feel like
> spending time on installing a system. So unless someone has one for me
> ready to toy on, I'll rip out the old support.

I forgot to mention, i've installed 1.30 (still using 2.6.26) and it works 
now. But the sourceforge shows the 1.26 as the latest version; because it's 
bzip2 . I had to go through all sorts of stuff to fine myself an xz-utils that 
was able to unpack the .tar.xz archive.

Especially servers don't have that kind of support atm.

Kind regards and thanks for all the help; i didn't even realise there was a 
newer version out.

Maarten

Re: xtables-addons ACCOUNT

[Jan Engelhardt]

On Thursday 2010-10-28 09:32, Maarten Vanraes wrote:
>
>I forgot to mention, i've installed 1.30 (still using 2.6.26) and it works 
>now. But the sourceforge shows the 1.26 as the latest version; because it's 
>bzip2 .

Yeah, SF has dumb defaults (used to better some years ago) - worked around now.
Anyway since SF also killed its notification system, there is
http://freshmeat.net/projects/xtables-addons to which users
can subscribe to.

>I had to go through all sorts of stuff to fine myself an xz-utils that 
>was able to unpack the .tar.xz archive.
>Especially servers don't have that kind of support atm.

xz 4.999 (released 2009Q1) should do.
It is included in openSUSE 11.3, 11.2, Fedora 14, 13, 12, and
most likely others.

Re: xtables-addons ACCOUNT

[Maarten Vanraes]

Op vrijdag 29 oktober 2010 00:20:38 schreef Jan Engelhardt:
> On Thursday 2010-10-28 09:32, Maarten Vanraes wrote:
> >I forgot to mention, i've installed 1.30 (still using 2.6.26) and it works
> >now. But the sourceforge shows the 1.26 as the latest version; because
> >it's bzip2 .
> 
> Yeah, SF has dumb defaults (used to better some years ago) - worked around
> now. Anyway since SF also killed its notification system, there is
> http://freshmeat.net/projects/xtables-addons to which users
> can subscribe to.
> 
> >I had to go through all sorts of stuff to fine myself an xz-utils that
> >was able to unpack the .tar.xz archive.
> >Especially servers don't have that kind of support atm.
> 
> xz 4.999 (released 2009Q1) should do.
> It is included in openSUSE 11.3, 11.2, Fedora 14, 13, 12, and
> most likely others.

well, my point is that most others don't yet (eg: debian lenny).

would it not be possible to ship a tar.gz or tar.bz2 for a while yet? .tar.xz 
isn't a common source extention for now and tar doesn't have a easy switch yet 
either. possibly until SF recognizes tar.xz as a source file?

tia,

Maarten