dafqq n00b
Joined: 17 Apr 2013 Posts: 25
Posted: Fri Apr 19, 2013 6:41 pm Post subject: iptables-1.4.16 + imq
Hello,
Could someone tell me how to patch imq+iptables? Last time when I used imq+iptables it was at kernel 2.6 and I just emerged iptables with the "extension" flag. Should I download iptables from netfilter, patch manually and make a symlink to iptables?
Kernel-3.7.10 iptables-1.4.16
Regards
Maitreya Guru
Joined: 11 Jan 2006 Posts: 441
Posted: Sun Apr 21, 2013 6:07 pm
I don't need it myself but I guess it's a good exercise:
You can make a local overlay for these 2 packages
Quote: |
mkdir -p /usr/local/portage/sys-kernel
mkdir -p /usr/local/portage/net-firewall
cp -r /usr/portage/sys-kernel/gentoo-sources /usr/local/portage/sys-kernel
cp -r /usr/portage/net-firewall/iptables /usr/local/portage/net-firewall
|
Add an epatch to "/usr/local/portage/net-firewall/iptables/iptables-1.4.16.3.ebuild"
Change :
Quote: |
src_prepare() {
	# use the saner headers from the kernel
	rm -f include/linux/{kernel,types}.h
	# Only run autotools if user patched something
	epatch_user && eautoreconf || elibtoolize
}
|
To
Quote: |
src_prepare() {
	# use the saner headers from the kernel
	rm -f include/linux/{kernel,types}.h
	epatch "${FILESDIR}"/${P}-imq.patch
	# Only run autotools if user patched something
	epatch_user && eautoreconf || elibtoolize
}
|
Get the patch supplied from LinuxIMQ
Now remove the version prefixed paths from /usr/local/portage/iptables/files/iptables-1.4.16.3-imq.patch.
Quote: |
diff -Naur iptables-1.4.12.2/extensions/libxt_IMQ.c iptables-1.4.12.2-imq/extensions/libxt_IMQ.c
--- iptables-1.4.12.2/extensions/libxt_IMQ.c 1970-01-01 02:00:00.000000000 +0200
+++ iptables-1.4.12.2-imq/extensions/libxt_IMQ.c 2011-09-30 13:53:21.000000000 +0300
|
Would be
Quote: |
diff -Naur extensions/libxt_IMQ.c iptables-1.4.12.2-imq/extensions/libxt_IMQ.c
--- extensions/libxt_IMQ.c 1970-01-01 02:00:00.000000000 +0200
+++ iptables-1.4.12.2-imq/extensions/libxt_IMQ.c 2011-09-30 13:53:21.000000000 +0300
|
There are three of these sections in the patch file.
Now, to validate the added patch for portage, digest your ebuild
Quote: |
ebuild /usr/local/portage/net-firewall/iptables/iptables-1.4.16.3.ebuild digest
|
And emerge it
Now for the kernel :
Add a "src_prepare" section to /usr/local/portage/sys-kernel/gentoo-sources/gentoo-sources-3.7.10.ebuild
Between
Quote: |
SRC_URI="${KERNEL_URI} ${GENPATCHES_URI} ${ARCH_URI}"
pkg_postinst() {
|
You add :
Quote: |
src_prepare() {
	epatch "${FILESDIR}"/9999_imq.patch
}
|
Download the patch for the kernel and add it to your local ebuild
Now digest this ebuild, emerge it and configure
Quote: |
ebuild /usr/local/portage/sys-kernel/gentoo-sources/gentoo-sources-3.7.10.ebuild digest
emerge gentoo-sources
cd /usr/src/linux-3.7.10-gentoo
make menuconfig
|
If everything went correctly you can search for "imq" and it will give its patched options |
dafqq n00b
Joined: 17 Apr 2013 Posts: 25
Posted: Wed Apr 24, 2013 8:16 pm
Hi,
Thx for the help :)
But when I emerge iptables and I want to try it, I get:
Code: | iptables -nvL
iptables v1.4.16.3: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded. |
My .config
Code: | CONFIG_NETFILTER=y
# CONFIG_NETFILTER_DEBUG is not set
CONFIG_NETFILTER_ADVANCED=y
#
# Core Netfilter Configuration
#
CONFIG_NETFILTER_NETLINK=y
CONFIG_NETFILTER_NETLINK_ACCT=y
CONFIG_NETFILTER_NETLINK_QUEUE=y
CONFIG_NETFILTER_NETLINK_LOG=y
CONFIG_NF_CONNTRACK=y
CONFIG_NF_CONNTRACK_MARK=y
CONFIG_NF_CONNTRACK_SECMARK=y
CONFIG_NF_CONNTRACK_ZONES=y
CONFIG_NF_CONNTRACK_PROCFS=y
CONFIG_NF_CONNTRACK_EVENTS=y
CONFIG_NF_CONNTRACK_TIMEOUT=y
CONFIG_NF_CONNTRACK_TIMESTAMP=y
CONFIG_NF_CT_PROTO_DCCP=m
CONFIG_NF_CT_PROTO_GRE=m
CONFIG_NF_CT_PROTO_SCTP=m
CONFIG_NF_CT_PROTO_UDPLITE=m
CONFIG_NF_CONNTRACK_AMANDA=m
CONFIG_NF_CONNTRACK_FTP=m
CONFIG_NF_CONNTRACK_H323=m
CONFIG_NF_CONNTRACK_IRC=m
CONFIG_NF_CONNTRACK_BROADCAST=m
CONFIG_NF_CONNTRACK_NETBIOS_NS=m
CONFIG_NF_CONNTRACK_SNMP=m
CONFIG_NF_CONNTRACK_PPTP=m
CONFIG_NF_CONNTRACK_SANE=m
CONFIG_NF_CONNTRACK_SIP=m
CONFIG_NF_CONNTRACK_TFTP=m
CONFIG_NF_CT_NETLINK=m
# CONFIG_NF_CT_NETLINK_TIMEOUT is not set
# CONFIG_NETFILTER_NETLINK_QUEUE_CT is not set
CONFIG_NF_NAT=m
CONFIG_NF_NAT_NEEDED=y
CONFIG_NF_NAT_PROTO_DCCP=m
CONFIG_NF_NAT_PROTO_UDPLITE=m
CONFIG_NF_NAT_PROTO_SCTP=m
CONFIG_NF_NAT_AMANDA=m
CONFIG_NF_NAT_FTP=m
CONFIG_NF_NAT_IRC=m
CONFIG_NF_NAT_SIP=m
CONFIG_NF_NAT_TFTP=m
CONFIG_NETFILTER_TPROXY=m
CONFIG_NETFILTER_XTABLES=y
#
# Xtables combined modules
#
CONFIG_NETFILTER_XT_MARK=m
CONFIG_NETFILTER_XT_CONNMARK=m
#
# Xtables targets
#
CONFIG_NETFILTER_XT_TARGET_AUDIT=m
CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m
CONFIG_NETFILTER_XT_TARGET_CLASSIFY=m
CONFIG_NETFILTER_XT_TARGET_CONNMARK=m
CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=m
CONFIG_NETFILTER_XT_TARGET_CT=m
CONFIG_NETFILTER_XT_TARGET_DSCP=m
CONFIG_NETFILTER_XT_TARGET_HL=m
CONFIG_NETFILTER_XT_TARGET_HMARK=m
CONFIG_NETFILTER_XT_TARGET_IDLETIMER=m
CONFIG_NETFILTER_XT_TARGET_LOG=m
CONFIG_NETFILTER_XT_TARGET_IMQ=m
CONFIG_NETFILTER_XT_TARGET_MARK=m
CONFIG_NETFILTER_XT_TARGET_NETMAP=m
CONFIG_NETFILTER_XT_TARGET_NFLOG=m
CONFIG_NETFILTER_XT_TARGET_NFQUEUE=m
CONFIG_NETFILTER_XT_TARGET_NOTRACK=m
CONFIG_NETFILTER_XT_TARGET_RATEEST=m
CONFIG_NETFILTER_XT_TARGET_REDIRECT=m
CONFIG_NETFILTER_XT_TARGET_TEE=m
CONFIG_NETFILTER_XT_TARGET_TPROXY=m
CONFIG_NETFILTER_XT_TARGET_TRACE=m
CONFIG_NETFILTER_XT_TARGET_SECMARK=m
CONFIG_NETFILTER_XT_TARGET_TCPMSS=m
CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP=m
#
# Xtables matches
#
CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=m
CONFIG_NETFILTER_XT_MATCH_CLUSTER=m
CONFIG_NETFILTER_XT_MATCH_COMMENT=m
CONFIG_NETFILTER_XT_MATCH_CONNBYTES=m
CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=m
CONFIG_NETFILTER_XT_MATCH_CONNMARK=m
CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m
CONFIG_NETFILTER_XT_MATCH_CPU=m
CONFIG_NETFILTER_XT_MATCH_DCCP=m
CONFIG_NETFILTER_XT_MATCH_DEVGROUP=m
CONFIG_NETFILTER_XT_MATCH_DSCP=m
CONFIG_NETFILTER_XT_MATCH_ECN=m
CONFIG_NETFILTER_XT_MATCH_ESP=m
CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=m
CONFIG_NETFILTER_XT_MATCH_HELPER=m
CONFIG_NETFILTER_XT_MATCH_HL=m
CONFIG_NETFILTER_XT_MATCH_IPRANGE=m
CONFIG_NETFILTER_XT_MATCH_LENGTH=m
CONFIG_NETFILTER_XT_MATCH_LIMIT=m
CONFIG_NETFILTER_XT_MATCH_MAC=m
CONFIG_NETFILTER_XT_MATCH_MARK=m
CONFIG_NETFILTER_XT_MATCH_MULTIPORT=m
CONFIG_NETFILTER_XT_MATCH_NFACCT=m
CONFIG_NETFILTER_XT_MATCH_OSF=m
CONFIG_NETFILTER_XT_MATCH_OWNER=m
CONFIG_NETFILTER_XT_MATCH_POLICY=m
CONFIG_NETFILTER_XT_MATCH_PKTTYPE=m
CONFIG_NETFILTER_XT_MATCH_QUOTA=m
CONFIG_NETFILTER_XT_MATCH_RATEEST=m
CONFIG_NETFILTER_XT_MATCH_REALM=m
CONFIG_NETFILTER_XT_MATCH_RECENT=m
CONFIG_NETFILTER_XT_MATCH_SCTP=m
CONFIG_NETFILTER_XT_MATCH_SOCKET=m
CONFIG_NETFILTER_XT_MATCH_STATE=m
CONFIG_NETFILTER_XT_MATCH_STATISTIC=m
CONFIG_NETFILTER_XT_MATCH_STRING=m
CONFIG_NETFILTER_XT_MATCH_TCPMSS=m
CONFIG_NETFILTER_XT_MATCH_TIME=m
CONFIG_NETFILTER_XT_MATCH_U32=m
# CONFIG_IP_SET is not set
# CONFIG_IP_VS is not set
#
# IP: Netfilter Configuration
#
CONFIG_NF_DEFRAG_IPV4=y
CONFIG_NF_CONNTRACK_IPV4=y
CONFIG_NF_CONNTRACK_PROC_COMPAT=y
# CONFIG_IP_NF_QUEUE is not set
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_MATCH_AH=m
CONFIG_IP_NF_MATCH_ECN=m
CONFIG_IP_NF_MATCH_RPFILTER=m
CONFIG_IP_NF_MATCH_TTL=m
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_TARGET_ULOG=m
CONFIG_NF_NAT_IPV4=m
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_TARGET_NETMAP=m
CONFIG_IP_NF_TARGET_REDIRECT=m
CONFIG_NF_NAT_SNMP_BASIC=m
CONFIG_NF_NAT_PROTO_GRE=m
CONFIG_NF_NAT_PPTP=m
CONFIG_NF_NAT_H323=m
CONFIG_IP_NF_MANGLE=m
CONFIG_IP_NF_TARGET_CLUSTERIP=m
CONFIG_IP_NF_TARGET_ECN=m
CONFIG_IP_NF_TARGET_TTL=m
CONFIG_IP_NF_RAW=m
CONFIG_IP_NF_SECURITY=m
CONFIG_IP_NF_ARPTABLES=m
CONFIG_IP_NF_ARPFILTER=m
CONFIG_IP_NF_ARP_MANGLE=m
|
I'm almost sure that I have a complete kernel config and it's correct; here is my syslog file
Code: | iptable_filter: disagrees about version of symbol xt_hook_link
iptable_filter: Unknown symbol xt_hook_link (err -22)
iptable_filter: disagrees about version of symbol ipt_alloc_initial_table
iptable_filter: Unknown symbol ipt_alloc_initial_table (err -22)
iptable_filter: disagrees about version of symbol ipt_do_table
iptable_filter: Unknown symbol ipt_do_table (err -22)
iptable_filter: disagrees about version of symbol register_pernet_subsys
iptable_filter: Unknown symbol register_pernet_subsys (err -22)
iptable_filter: disagrees about version of symbol ipt_unregister_table
iptable_filter: Unknown symbol ipt_unregister_table (err -22)
iptable_filter: disagrees about version of symbol xt_hook_unlink
iptable_filter: Unknown symbol xt_hook_unlink (err -22)
iptable_filter: disagrees about version of symbol unregister_pernet_subsys
iptable_filter: Unknown symbol unregister_pernet_subsys (err -22)
iptable_filter: disagrees about version of symbol ipt_register_table
iptable_filter: Unknown symbol ipt_register_table (err -22)
iptable_filter: disagrees about version of symbol xt_hook_link
iptable_filter: Unknown symbol xt_hook_link (err -22) |
I tried to use modprobe
Code: | modprobe iptable_filter
modprobe: ERROR: could not insert 'iptable_filter': Invalid argument |