ciro64 Guru
Joined: 20 Jun 2009 Posts: 424
Posted: Thu Sep 13, 2012 3:47 pm Post subject: [Solved] iptables & kernel-config
Hello!!!
I would like to use iptables, but I have not understood what I need to configure at the kernel level; thanks for any clarification.
_________________
Gentoo: the most eclectic and brilliant system I have ever tried
Last edited by ciro64 on Thu Sep 13, 2012 9:15 pm; edited 1 time in total
ago Developer
Joined: 01 Mar 2008 Posts: 1527 Location: Milan, Italy
Posted: Thu Sep 13, 2012 5:41 pm Post subject:
Moved from Forum italiano (Italian) to Forum di discussione italiano.
ago Developer
Joined: 01 Mar 2008 Posts: 1527 Location: Milan, Italy
Posted: Thu Sep 13, 2012 5:43 pm Post subject:
Networking support ---> Networking options ---> Network packet filtering framework (Netfilter) --->
And enable what you need.
ciro64 Guru
Joined: 20 Jun 2009 Posts: 424
Posted: Thu Sep 13, 2012 8:00 pm Post subject:
OK... the error I get is:
Code:
amdfx8150 ~ # cat /var/log/rc.log |grep -i ipta
iptables | * Saving iptables state ...
[ ok ]iptables | *
Your kernel lacks iptables support, please load
iptables | * [ ok ]
iptables | * ERROR: iptables failed to stop
iptables | * Saving iptables state ...
[ ok ]iptables | *
Your kernel lacks iptables support, please load
iptables | * [ ok ]
iptables | * ERROR: iptables failed to stop
iptables | * Loading iptables state and starting firewall ...
amdfx8150 ~ #
Now I will try to follow your directions and let you know.....
Edit: I recompiled the kernel..... the situation is now as follows:
Code:
<*> Packet socket
<*> Unix domain sockets
<M> UNIX: socket monitoring interface
<M> Transformation user configuration interface
[*] Transformation sub policy support (EXPERIMENTAL)
-*- Transformation migrate database (EXPERIMENTAL)
[*] Transformation statistics (EXPERIMENTAL)
<M> PF_KEY sockets
[*] PF_KEY MIGRATE (EXPERIMENTAL)
[*] TCP/IP networking
[*] IP: multicasting
[*] IP: advanced router
[*] FIB TRIE statistics
[*] IP: policy routing
[*] IP: equal cost multipath
[*] IP: verbose route monitoring
[*] IP: kernel level autoconfiguration
[*] IP: DHCP support
[*] IP: BOOTP support
[*] IP: RARP support
<M> IP: tunneling
<M> IP: GRE demultiplexer
<M> IP: GRE tunnels over IP
[*] IP: broadcast GRE over IP
[*] IP: multicast routing
[*] IP: multicast policy routing
[*] IP: PIM-SM version 1 support
[*] IP: PIM-SM version 2 support
[*] IP: ARP daemon support
[*] IP: TCP syncookie support
<*> IP: AH transformation
<*> IP: ESP transformation
<*> IP: IPComp transformation
<*> IP: IPsec transport mode
<*> IP: IPsec tunnel mode
<*> IP: IPsec BEET mode
{*} Large Receive Offload (ipv4/tcp)
<*> INET: socket monitoring interface
<M> UDP: socket monitoring interface
[*] TCP: advanced congestion control --->
[*] TCP: MD5 Signature Option support (RFC2385) (EXPERIMENTAL)
<M> The IPv6 protocol --->
[*] Security Marking
[ ] Timestamping in PHY devices
[*] Network packet filtering framework (Netfilter) --->
<M> The DCCP Protocol (EXPERIMENTAL) --->
-M- The SCTP Protocol (EXPERIMENTAL) --->
<M> The RDS Protocol (EXPERIMENTAL)
<M> RDS over Infiniband and iWARP
[ ] RDS debugging messages
<M> The TIPC Protocol (EXPERIMENTAL) --->
<M> Asynchronous Transfer Mode (ATM)
<M> Classical IP over ATM
[ ] Do NOT send ICMP if no neighbour
<M> LAN Emulation (LANE) support
<M> Multi-Protocol Over ATM (MPOA) support
<M> RFC1483/2684 Bridged protocols
[ ] Per-VC IP filter kludge
< > Layer Two Tunneling Protocol (L2TP) --->
<M> 802.1d Ethernet Bridging
[*] IGMP/MLD snooping
< > Distributed Switch Architecture support
<M> 802.1Q VLAN Support
[ ] GVRP (GARP VLAN Registration Protocol) support
<*> DECnet Support
[*] DECnet: router support (EXPERIMENTAL)
<*> ANSI/IEEE 802.2 LLC type 2 Support
<*> The IPX protocol
[*] IPX: Full internal IPX network
<*> Appletalk protocol support
<*> Appletalk interfaces support
<*> Appletalk-IP driver support
[*] IP to Appletalk-IP Encapsulation support
[*] Appletalk-IP to IP Decapsulation support
<*> CCITT X.25 Packet Layer (EXPERIMENTAL)
<*> LAPB Data Link Driver (EXPERIMENTAL)
<*> Acorn Econet/AUN protocols (EXPERIMENTAL)
[*] AUN over UDP
[*] Native Econet
<*> WAN router
<*> Phonet protocols family
<*> IEEE Std 802.15.4 Low-Rate Wireless Personal Area Networks support (EXPERIMENTAL)
<M> 6lowpan support over IEEE 802.15.4
[*] QoS and/or fair queueing --->
[*] Data Center Bridging support
<*> DNS Resolver support
<*> B.A.T.M.A.N. Advanced Meshing Protocol
[*] B.A.T.M.A.N. debugging
<*> Open vSwitch
<*> Network priority cgroup
[*] enable BPF Just In Time compiler
Network testing --->
But I still get the error message in rc.log.
Hmm, I can't figure out how to get out of this.... and forgive my incompetence
ago Developer
Joined: 01 Mar 2008 Posts: 1527 Location: Milan, Italy
Posted: Thu Sep 13, 2012 8:53 pm Post subject:
Did you enable the modules in the Network packet filtering framework subcategory?
Did you try setting them to *?
ciro64 Guru
Joined: 20 Jun 2009 Posts: 424
Posted: Thu Sep 13, 2012 9:05 pm Post subject:
OK, now I have tried to set as much as possible as "built in".
10 minutes while I recompile the kernel and I'll let you know shortly.
Thank you very much for your helpfulness and courtesy
------
edit: Ago, you're the greatest, thank you!!!!!! Now I no longer get the error I got before
Code:
amdfx8150 ~ # cat /var/log/rc.log |grep -i ipta
rsyslog | * Stopping rsyslogd ...iptables | * Saving iptables state ...swapfiles | * Deactivating additional swap space ...
[ ok ] [ ok ]iptables | * Stopping firewall ...
rsyslog | * Stopping rsyslogd ...iptables | * Saving iptables state ...swapfiles | * Deactivating additional swap space ...
[ ok ] [ ok ]iptables | * Stopping firewall ...
iptables | * Loading iptables state and starting firewall ...
amdfx8150 ~ #
I didn't think it made such a difference between module and built-in.
Bye
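The module versus built-in difference discussed in the posts above can be checked directly. The following is an added example, not part of the original thread: it reports how a handful of Netfilter symbols are set in a kernel `.config` and whether the running kernel exposes `ip_tables`. The symbol list, the function names and the use of `/proc/net/ip_tables_names` as the runtime indicator (on kernels using the classic ip_tables code) are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. The symbol list is an assumption:
# the minimum for a basic IPv4 filter table.
NF_SYMBOLS="NETFILTER NETFILTER_XTABLES NF_CONNTRACK IP_NF_IPTABLES IP_NF_FILTER"

# nf_symbol_state CONFIG_FILE SYMBOL -> builtin | module | missing
nf_symbol_state() {
    case "$(grep -E "^CONFIG_$2=" "$1" 2>/dev/null | tail -n 1)" in
        *=y) echo builtin ;;
        *=m) echo module ;;
        *)   echo missing ;;
    esac
}

# nf_config_report CONFIG_FILE -> one line per symbol; returns 1 if any is missing
nf_config_report() {
    rc=0
    for sym in $NF_SYMBOLS; do
        state=$(nf_symbol_state "$1" "$sym")
        echo "CONFIG_$sym $state"
        if [ "$state" = missing ]; then rc=1; fi
    done
    return "$rc"
}

# nf_runtime_ready [PROC_FILE] -> success once ip_tables is built in or loaded
nf_runtime_ready() {
    [ -e "${1:-/proc/net/ip_tables_names}" ]
}

# Constructed sample: core pieces present, IP_NF_IPTABLES left unset
sample_config() {
    cat <<'EOF'
CONFIG_NETFILTER=y
CONFIG_NETFILTER_XTABLES=m
CONFIG_NF_CONNTRACK=m
# CONFIG_IP_NF_IPTABLES is not set
EOF
}

# Usage: script [path/to/.config]; without an argument the sample is checked
cfg=${1:-}
if [ -z "$cfg" ]; then cfg=$(mktemp) && sample_config > "$cfg"; fi
nf_config_report "$cfg" || echo "=> enable the missing symbols and rebuild"
nf_runtime_ready || echo "=> ip_tables is not available in the running kernel"
```

A symbol reported as `module` only helps once the module is actually loaded, which is why the runtime check is kept separate from the `.config` check.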
ago Developer
Joined: 01 Mar 2008 Posts: 1527 Location: Milan, Italy
Posted: Thu Sep 13, 2012 10:39 pm Post subject:
Good. I recommend keeping a file with the rules, quite simply /usr/local/sbin/regole, which will contain your rules plus the rule save at the end of the file (/etc/init.d/iptables save)
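A sketch of what such a rules file could look like, as an added example that is not part of the original post. The ruleset (single host, default-deny inbound, SSH allowed), the `DRY_RUN` switch, the `apply`/`print` arguments and the function names are assumptions; only the path and the final save command come from the post.

```shell
#!/bin/sh
# Added example: hypothetical contents for /usr/local/sbin/regole.
# The ruleset itself is an assumption (single host, inbound SSH only).
IPT=${IPT:-iptables}

# Run one iptables command, or only print it when DRY_RUN=1
ipt() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$IPT $*"
    else
        "$IPT" "$@"
    fi
}

load_rules() {
    ipt -F                      # empty the filter table
    ipt -X                      # delete user-defined chains
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
    ipt -P INPUT DROP           # default-deny, set after the accepts exist
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT
}

# As suggested in the post: persist the running rules at the end of the file
save_rules() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "/etc/init.d/iptables save"
    else
        /etc/init.d/iptables save
    fi
}

# "regole apply" loads and saves; "regole print" only shows the commands
case "${1:-}" in
    apply) load_rules && save_rules ;;
    print) DRY_RUN=1; load_rules; save_rules ;;
esac
```

The `conntrack` match used here needs `CONFIG_NETFILTER_XT_MATCH_CONNTRACK` enabled in the kernel in addition to the base iptables support.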
ciro64 Guru
Joined: 20 Jun 2009 Posts: 424
Posted: Fri Sep 14, 2012 12:03 am Post subject:
Perfect.... thanks again