Interesting message

Interesting message

[James Lay]

So I'm not sure how I managed to do this, but here it is:

sudo iptables -A FORWARD -s 10.0.0.0/8 -m string --string "myspace.com"
--algo bm -j DROP
iptables: match `string' v1.3.6 (I'm v1.3.8).

I'm running kernel 2.6.21.7.  Is there something I'm missing to get this to
fly?  Thanks all.

James

Re: Interesting message

[Grant Taylor]

On 10/05/07 12:51, James Lay wrote:
> So I'm not sure how I managed to do this, but here it is:
> 
> sudo iptables -A FORWARD -s 10.0.0.0/8 -m string --string 
> "myspace.com" --algo bm -j DROP
> iptables: match `string' v1.3.6 (I'm v1.3.8).
> 
> I'm running kernel 2.6.21.7.  Is there something I'm missing to get 
> this to fly?  Thanks all.


I'm not sure but it looks like you have a kernel IPTables version vs 
IPTables module version mismatch.  Did you by chance upgrade your kernel 
or have any updates applied to your system?



Grant. . . .

Re: Interesting message

[James Lay]

On 10/5/07 12:37 PM, "Grant Taylor" <gtaylor@riverviewtech.net> wrote:

> On 10/05/07 12:51, James Lay wrote:
>> So I'm not sure how I managed to do this, but here it is:
>> 
>> sudo iptables -A FORWARD -s 10.0.0.0/8 -m string --string
>> "myspace.com" --algo bm -j DROP
>> iptables: match `string' v1.3.6 (I'm v1.3.8).
>> 
>> I'm running kernel 2.6.21.7.  Is there something I'm missing to get
>> this to fly?  Thanks all.
> 
> 
> I'm not sure but it looks like you have a kernel IPTables version vs
> IPTables module version mismatch.  Did you by chance upgrade your kernel
> or have any updates applied to your system?
> 
> 
> 
> Grant. . . .
> -
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html


Grant,

I've just recompiled my kernel...same kernel version, but now compiled with
1.3.8.  I still get the same message.  Is there something obvious that I'm
missing here?  Thanks.

James

Re: Interesting message

[Grant Taylor]

On 10/07/07 21:54, James Lay wrote:
> I've just recompiled my kernel...same kernel version, but now 
> compiled with 1.3.8.  I still get the same message.  Is there 
> something obvious that I'm missing here?  Thanks.

Did you recompile any IPTables related modules and re-install them?

Other than that, no, nothing obvious.



Grant. . . .

Re: Interesting message (SOLVES (sorta))

[James Lay]

On 10/8/07 9:07 AM, "Grant Taylor" <gtaylor@riverviewtech.net> wrote:

> On 10/07/07 21:54, James Lay wrote:
>> I've just recompiled my kernel...same kernel version, but now
>> compiled with 1.3.8.  I still get the same message.  Is there
>> something obvious that I'm missing here?  Thanks.
> 
> Did you recompile any IPTables related modules and re-install them?
> 
> Other than that, no, nothing obvious.
> 
> 
> 
> Grant. . . .
> -
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html


Ok this is interesting...I recompiled my iptables-1.3.8 with make clean then
make, and when I did a make install, I didn't see the extension
libipt_string being created.  I did a make distclean, then forced it to the
kernel dir with make KERNEL_DIR=/usr/src/linux.  This time I see a
libipt_string.so, but running make install still doesn't actually install
it.  I had to manually copy it into /usr/lib/iptables.  Interesting...but
mission accomplished.  Thanks to all for the assist :)

James

Re: Interesting message (SOLVES (sorta))

[Grant Taylor]

On 10/08/07 21:44, James Lay wrote:
> Ok this is interesting...I recompiled my iptables-1.3.8 with make 
> clean then make, and when I did a make install, I didn't see the 
> extension libipt_string being created.  I did a make distclean, then 
> forced it to the kernel dir with make KERNEL_DIR=/usr/src/linux. 
> This time I see a libipt_string.so, but running make install still 
> doesn't actually install it.  I had to manually copy it into 
> /usr/lib/iptables.  Interesting...but mission accomplished.  Thanks 
> to all for the assist :)

Good.  I'm glad that you got things working.  This sounds like an 
undocumented feature or bug, take your pick.  If it is the former, you 
may want to drop a line to the maintainer of the libipt_string match 
extension.



Grant. . . .

Re: Interesting message (SOLVES (sorta))

[James Lay]

On 10/9/07 8:07 AM, "Grant Taylor" <gtaylor@riverviewtech.net> wrote:

> On 10/08/07 21:44, James Lay wrote:
>> Ok this is interesting...I recompiled my iptables-1.3.8 with make
>> clean then make, and when I did a make install, I didn't see the
>> extension libipt_string being created.  I did a make distclean, then
>> forced it to the kernel dir with make KERNEL_DIR=/usr/src/linux.
>> This time I see a libipt_string.so, but running make install still
>> doesn't actually install it.  I had to manually copy it into
>> /usr/lib/iptables.  Interesting...but mission accomplished.  Thanks
>> to all for the assist :)
> 
> Good.  I'm glad that you got things working.  This sounds like an
> undocumented feature or bug, take your pick.  If it is the former, you
> may want to drop a line to the maintainer of the libipt_string match
> extension.
> 
> 
> 
> Grant. . . .
> -
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html


Sounds good...I was wondering if it was more of a Makefile issue, but I'll
send to the string folks as well :)

Thank you,
James